> French authorities believe that Telegram, under Durov’s leadership, became a major platform for organised crime due to its encrypted messaging services, which allegedly facilitated illegal activities
Nope. It's because of the large telegram group chats for the most part and those aren't E2EE. The only chats that can be E2EE on telegram are one to one DMs and that's only if you manually enable it.
i.e. They refused to turn over chat records that they have server side access to.
It's worth noting that they could do E2EE here for group chats but they don't. Signal does it but telegram wholesale refused to.
I think they don't support cross-device syncing or automatic backups of E2EE chats, so it's about minimising friction by default. Telegrams main focus is UX, unlike Signal which prioritizes security at the expense of UX.
There's nothing in Telegram that couldn't be implemented with security in mind. They just lack the expertise in designing cryptographic protocols that offer those features, and Durov is too proud to consult experts in helping improve the design. Well, now he gets to enjoy French hospitality.
Telegram's E2EE isn't available for group chats. It's not on by default for other chats, so most or all of your chats are probably just transport encrypted. Further, they rolled their own crypto (bad), MTProto2, which has a number of problems (but is not necessarily broken)
This places Telegram's security stance below that of even Instagram or Facebook (which also has optional E2EE chats, but uses the Signal protocol, which is considered better than MTProto2.)
E2EE is optional on Telegram and not really convenient. You can create a private chat which will be E2E encrypted but this takes a few taps and pins to device. Most of the users don't bother. And the main target is not personal chats but channels which can be easily discovered and followed.
This is not an e2e battle, this is the hunt for channel owners. Frankly it is too easy to make a "local chat" and sell stuff. Durov has the data and this is his weakness and strength. Platform is viral but there are too much for one hands.
I don't why you were downvoted. Because that is exactly what is going on. EU is generally on a open-encryption-by-warrant path and this is a great example of applying some pressuring.
Should we enable the Iranian polotical refugee to communicate in secret with her family ?
Should we by warrant enable the possibility to open up messages when pedofiles sell or buy children for sex ?
Many will disagree with you because your stance does not take an all-or-nothing approach, so good on you for asking these tougher questions. We have the same sort of questions in the US, though a very specific group would love to turn this who country into a police state (they even have their own flag). I am a big privacy advocate, but also recognize that it is ripe for abuse by bad actors, so the solutions are muddy and need some serious beta testing before they can be called solutions. This where people tend to get lost in the debate and start responding with emotions rather than reason, which unfortunately does not progress us a viable solution. I see the same thing happening in the EU, but from afar, so my perception is likely skewed.
Telegram is genuinely the best general communication platform I have ever used, by far. I really hope he has a good lawyer and this doesn't end up getting essentially murdered for creating it. When you create something that is objectively great, everyone will use it - including bad actors.
even with the recent trend towards adding incremental bloat to the client, it’s managed to stay a simple, straightforward tool for communicating with minimal advertising and enough of the features that i need front and center.
You like it better than Signal? The only thing I know Telegram for is several of my girlfriend’s relatives being exposed to crazy scams and right-wing conspiracy theories and misinformation on it.
Signal has better governance, plus e2ee mandatory, while on Telegram is optional and rarely used. Telegram also has a “social media” aspect with huge groups and channels, which attracts many people, but is a depart from the whole secure chat messaging it’s still known for.
This is exactly my experience as well. I have never actually used telegram as I was early a signal user and never needed it but my ex used it. All she ever used it for was conspiracy garbage she would follow. Anti covid vaccine doctors and groups mainly. The amount of misinformation she tried to show me and every time I would show her how it was fake she still would not believe me. Then she was even scammed out of $10k from telegram when she fell for a romance crypto scam. The conspiracy stuff is a main reason we broke up it was every single one from flat earth to fake moon landing to all the covid world economic forum world take over and on and on. Most of these came from telegram.
The reason you consider all that misinformation is because it's politically sensitive information and every single other social media company and the vast majority of western-aligned media censor it, so the only place you come across such information is in the uncensored Telegram platform, and assume it must be false because all the other media you consume tells you so.
No I do not assume the moon landing was fake because other media outlets won't cover it. I do not think the earth is flat because news outlets won't cover it. The list goes on. I also do not think the covid beliefs I have come from the fact that mainstream news outlets won't cover it. I strongly believe a narrative was painted and information censored and controlled when it did not fit the narrative they wanted. I was first to criticize the Canadian government on how they handled the vaccine rollout and mandates. I did however spend a lot of time doing my own research and listening to any information my ex showed me and also researching those sides to things and formed a well informed opinion. I sought out other opinions and studies. I did my best to follow the science. Not at all what you are implying. In the end my ex was only interested in the opposite which was any narrative that said the vaccine was poisonous, we are being forced to take it because this is a world culling and in the next few years population is about to crash as it has now effected our sperm and dna so we will not be able to have children and the crazy thought kept on coming almost all fueled by telegram chat groups pushing that stuff.
Video and Audio calls are hit and miss. The history and search are not reliable. The interface is not really suited for big group chats... I could go on and on.
And tactics exist outside of control of communications, to capture these bad actors, to infiltrate their ranks; why are these alternatives to fighting the production of child exploitation and abuse content not brought up in conversation ever?
I use telegram for some group chats, but I'm not sure why tech-savvy people would like it so much – messages are not end-to-end encrypted which makes it an inferior choice compared to even whatsapp
On iOS, if you turn off your Internet connection and receive a message, you won’t get a notification when you restore your connection. This problem doesn’t exist with WhatsApp, Messenger, Instagram. Quite strange.
Signal for mobile and Signal for desktop are different apps with different code bases. Neither is as good as Telegram's, in my opinion.
Signal is fine for messaging. Not bad, not amazing. I'd have a much easier time convincing people to switch to Signal if it would've had a client as good as Telegram's, especially for the desktop application.
That said, Telegram has been adding more and more annoying premium features that distract and annoy.
> which makes it an inferior choice compared to even whatsapp
I'd rather have a good privacy policy with a good enough server-side encryption than some closed-source implementation of E2EE, that we can never audit.
WhatsApp actually disallows you from reverse-engineering the app and looking into the algorithm. That begs the question, what percentage of E2EE is it really? 20%? 50%? 100%? Because there's still no way to confirm their claims of E2EE. All we have is a company with a really good track record in lying publicly, telling you that it's safe.
This is no longer true, whatsapp have taken steps [0] to make their e2ee auditable and honestly I disagree with the idea that no e2ee is better than closed source e2ee. I'm not sure why you would trust a privacy policy more than you would trust encryption, with a court order Telegram would provide your chats to law enforcement, while Whatsapp would not be able to.
This is not the algorithm being audited, it's the key. Telegram's complete algorithm is auditable, including the open source client apps. Server code is always unverifiable, so let's not bring that up.
Secondly, WhatsApp channels and large groups (copied from Telegram) are not encrypted in any way (cmiw), as opposed to Telegram's MTProto 2.0 Cloud encryption. The app is completely closed-source even with all their claims of privacy and its TnC even discourages you from reverse-engineering it.
WhatsApp Communities are indeed E2E encrypted. About channels, why would you want a channel to be encrypted when you are just a follower and cannot communicate back? In fact WhatsApp's guidelines explicitly state the following:
> Channel updates should be used to share information with followers and viewers, not as a way for admins to communicate back and forth.
For one, it's the only major messenger that has an actually lightweight, well-written and full-featured desktop client rather than yet another boxed-up web browser. I might be more enthusiastic about using the alternatives if I could use the Telegram client.
It's very bizarre to see all these comments downplaying this, or implying the lack of E2EE by default somehow makes it less attractive to the average user than something like Signal.
Most people care about usability and interconnectivity first and foremost because the majority of their messaging activities are not so sensitive that they feel the need to sacrifice those things for mandatory E2EE. Call that shortsighted if you like, but it's far more common than this "encryption or bust" mindset around here.
If signal or some messaging platform could find a way to be E2EE capable all the time, with all the same usability and design as telegram, without unnecessary restrictions on users, and without it being a completely walled off garden from which your data can never be self-extracted, it would win this argument.
Same goes for things like Tutanota and a lot of these other data prisons that are cropping up which create privacy through taking away user agency.
Until then users will pick what they want for their own needs. Telegram met those needs for many.
isn't only the client side oss? server side logs/libs is more likely. isn't it amazing 30 guys handle a billion users and who knows what sort of ddos is unleashed against them.
Intriguing (and surprising to me that they offer E2EE at all), but there is seemingly no Linux build. I can't seem to find source code either (Telegram Desktop's is released under the GPL).
They used to have a page wittily named "feature matrix", which made it apparent that only Element was really kept up to date, with other clients missing features ranging from channel search to embedding images. I don't know if this situation has improved and whether the original page still exists somewhere.
Several of them have been reporting improvements over the past couple years in the weekly Matrix development blog, and I know at least one of them has both search and embedded images. You might want to have another look some time.
Maybe because tech-savvy people understand the need and importance of encryption? There's of course always the exceptions that say they don't care about privacy, but that is fortunately usually a small group, at least in the tech-savvy world.
Both tech savvies and laypeople expect private/encrypted messaging app to provide the basic property that only the sender and the intended recipients can read it. This is achieved with end-to-end encryption. Techies know the term, and can understand it's not present. Non-tech people don't understand, and just rely on word-of-mouth that it's super secure, when it's not.
At least on the beginning, when I looked into it, it had a very simple and well documented API. I guess it was the only messenger you could send a message with one line of code (of course not e2e encrypted). So it's very simple to send you a message from your home project.
Almost all conversations that most people have are benign. I used telegram to follow journalists (essentially as a twitter replacement), how would E2EE benefit my use case?
Yeah no shit. But sharing cute cat pics deserve human right to privacy. Also, when everything is E2EE, that reduces the metadata about when you say something private. You don't want your opt-in encryption to reveal metadata about how close you are to someone.
WhatsApp doesn't save my history. And secret services of governments of certain counties are not a realistic adversary that I'm trying to defend myself against. The usual scammers which are going to steal my identity are not the people Durov will sell admin access to his server to.
I actually despise it. I'm not sure if this has changed, but after being forced to make an account under my phone number, it proceeded to send a message that I had joined to everyone who had my number in their contacts and was foolish enough to share them with Telegram. This included a rather vile woman whose number I apparently inherited from a deceased relative some years before. She didn't understand this and accused me of stealing his identity. While it was simple enough for me to brush it off, I couldn't believe they would allow and even encourage such a thing, so I almost immediately deleted my account and instead tried out one that wasn't so eager to lap up my personal details.
The fact bad actors are also using it is not the problem. His unwillingness to moderate content and cooperate with authorities is.
Great UX doesn’t suddenly put you above the law.
There is no random hassle that get your account/group/channel deleted(unless you are doing real CP, which is a giant red line of telegram) or random limit for size of the group. And easy to use. That's it.
Also the apis are almost completely free, so you can do lots of creative projects for fun.
Most people dont give a shit about security. Telegram is easier to use than signal and has more features because auto encryption makes stuff like public chats difficult.
Exploit their smartphone then email tidbits of their more outstanding Facebook chats, SMS messages, maybe some nudes, and recordings of their phone calls. You will see the "I don't care about security attitude" do a hard 180 real quick.
Good lawyers won’t make much difference for him as the French government is tired of not being able to look at all our conversations. They want to start scaring people into compliance and verifying all their actions with the government or at least scaring the companies providing a (semi) private experience. This is mostly like just phase 1 of getting the keys that open up telegram servers to 5 eyes by getting Durov under their thumbscrews.
The masses do not care much if ones do not do agains bad actors what are in their power just their pretty platform shall keep running, they will keep this one alive too and argue for it to the death, don't worry, the masses could argue for any malicious thing that they find pretty or nice or like for some reason. Can organize some protest or even riot too in a - unencrypted by nature - group channel, there will be scores to participate, as recent example show in other precious matters, maybe can loot some good scores too on the side of the big party about a dear matter for the heart! Paris deserve the revenge! : /
I really hope this doesn't become an "encryption bad" cudgel.
> The main accusation by EU authorities concerns Telegram’s encrypted messaging services, which were allegedly used to facilitate organised crime. One investigator stated that ‘Telegram has become the number one platform for organised crime over the years’, underlining the perceived link between the platform’s privacy features and criminal activities.
It's unclear to me how much this "perceived link" is on behalf of the author of the article, as opposed to the prosecutors themselves.
Telegram doesn’t have mandatory e2ee, which puts it in this kind of situation. Having data on crime committing and denying access to it from authorities is a crime itself in most countries.
Right, I think that's an important distinction to make, but it's not really one that's explored in the article.
The article doesn't say anything about E2EE specifically, but I think it would be understandable to "read between the lines" and assume that Telegram is in trouble for offering E2EE - but I think/hope that assumption would be incorrect.
Because the post cooperates with law enforcement. The issue here isnt that criminals used telegram, it's that telegram didnt cooperate with the state. If you want to have a policy of non-cooperation you cant hold the unencrypted data.
Cell phones are encrypted over the air, but they aren't end to end encrypted, and it's safe to assume that a provider will wiretap the plaintext passing through their backend if the authorities ask for it.
Telegram is not end-to-end encrypted in the way other messaging services are (whatsapp, signal), it is encrypted but Telegram holds the keys and are able to decrypt any messages not sent on a "secret chat" which is not the default, or any messages on a group chat
The article is very poor mixing the actual charges with unrelated European Union concerns. The charges are not linked to encryption. Most of Telegram is unencrypted anyway.
The issue is with Telegram non cooperation and lack of moderation of publicly available content.
I'm genuinely curious to what would happen with Signal if the same bad actors moved to their platform. Would France also be arresting its creators for not properly moderating and giving backdoors?
This would imply that just E2EEing everything would give you a free pass not to moderate anything, which seems very naive. I doubt the judges would care about their self-imposed technological limitations.
If I sell shovels, it's not a self-imposed techical limitation that I don't have a way to detect and prevent anyone from doing something illegal with a shovel. Even after the technological means exist to include an intetnet connected spy device in every shovel.
Secure message passing is no different. The "shovel", the thing one might sell, is just the application of some math which does something and not any of the infinite other things.
It's not a shovel he's selling. It's aching to hosting a gallery portraying disgusting crimes done to actual children. Digital or ink, Durov can't just go behind freedom of speech in this matter.
This isn't about Durov or Telegram, it's about "E2EEing everything would give you a free pass not to moderate anything, which seems very naive"
An e2e communication system is just a shovel, or a car, or a saw, or any other tool that does a specific thing for which there is any valid need, which there absolutely is. Thinking that there is any logically valid way around that is what is very naive.
I agree with you, but also sympathize with the technical issues of moderating encrypted information. Thinking a bit about it, there would need to be a global man in the middle or a requirement for all applications to decrypt/re-encrypt centrally for moderation.
There's a difference between breaking the encryption of a single target after a warrant or handing over previous data which would need some kind of backdoor in the encryption.
Signal always sounded like they have better lawyers and are not as antagonistic. Police work is not only about encryption. But a lot of it involves metadata. And you know, just booting bad actors from the platform.
They also don't have public groups with questionable material, as far as I know
Signal doesn’t have public groups/channels. Moderation obligations only apply to public dissemination. If I send an email to a private mailing list, the involved email providers have no obligation to moderate its contents.
What a sad way to try to infer this has anything to do with Telegram being so secure Durov has to be arrested, when its really about Durov letting CSAM sit on his servers for a decade.
Why are these service providers being punished for what their users do? Specifically, these service providers? Because Google, Discord, Reddit, etc. all contain some amount of CSAM (and other illegal content), yet I don't see Pichai, Citron, or Huffman getting indicted for anything.
Hell, then there's the actual infrastructure providers too. This seems like a slippery slope with no defined boundaries where the government can just arbitrary use to pin the blame on the people they don't like. Because ultimately, almost every platform with user-provided content will have some quantity of illegal material.
IANAL and not that familiar with the legal situation, but if we assume that running a platform of this type requires you, by law, to moderate such a platform and he fails to do that, idk what we are talking about. Yes, he would clearly be breaking the law. Why would that not get prosecuted in the completely normal, boring way that I would hope all law breaking will eventually be prosecuted?
If you are alleging that there's comparable, specific and actual legal infringements on the part of meta/google, that somehow go uninvestigated and unpunished, free free to point to that.
frankly, even with unencrypted chats, any law/precedent requiring that platform providers have to scale moderation linearly with the number of users (which is effectively what this is saying) sounds like really bad policy (and probably further prevents the EU from building actual competitors to American tech companies)
It was their decision to become something bigger than a simple messaging app by adding channels and group chats with tons of participants.
It was also their decision to understaff content moderation team.
Sometimes the consequence is a legal action, like the one we're seeing right now. All this could have been easily avoided if they had E2EE or enough people to review reported content and remove it when necessary.
Telegram started 11 years ago. I know the term has been diluted for ages, but it still rubs me the wrong way to use the word startup for decade old businesses.
A straightforward legal responsibility should be shirked because scaling moderation is hard? How many other difficult things do you propose moving outside the law?
That's not the case here though. Most of the communication on Telegram is not E2E Encrypted.
Even E2EE messaging service providers have to cooperate in terms of providing communication metadata and responding to takedown requests. Ignoring law enforcement lands you in a lot of shit everywhere, in Russia you'll just be landing out of a window.
These laws have applied for decades in some shape or form in pretty much all countries, so it shouldn't come as a surprise.
Have you used Telegram before making this comment? It is moderated. You really think this is about the company, the platform, not about politics? Well you should think again.
it is much less aggressively moderated and censored than facebook, and pleasant to use, source: first hand experience.
But i have no idea if it truly has more or less crime than other platforms. So we can't really tell if he's being messed with because he can't stand up for himself in a way Microsoft or Musk can, or it is truly a criminal problem.
Should have written >unmoderated<. No service would live 2 hours if it would be actually unmoderated. But seemingly they only remove content that is directly a product of/causing physical harm.
I don't think it's a crime not to report a crime, at least not where I live. But facilitating a crime, which is something you could accuse telegram of is.
You're technically right (I think). However, I believe if you witness a murder and know the murderer and the police asks you: "Do you know anything about X murder?" Then I think you're legally required to tell the truth here.
I don't think it's necessarily self-incrimination to report a crime you witnessed, though I think it's dependent based on the time from when it occurred to the time of reporting.
If you're the witness to a murder and you're subpoena'd to court and refuse to testify then you are committing contempt of court. There was a guy in Illinois who got 20 years (reduced to 6 on appeal) for refusing to testify in a murder.
Contempt of court usually has no boundaries on the punishment, nor any jury trials. A judge can just order you to be executed on the spot if you say, fall asleep in his courtroom. Sheriffs in Illinois have the same unbridled power over jail detainees.
i think in actual practice you will rarely get contempt for refusing to testify or taking the fifth for questions that could only tenuously implicate yourself in practice.
Usually if you let the prosecutor know up-front that you're not willing to cooperate they will tend to save themselves the hassle of trying. It can go wrong if they subpoena a belligerent witness, then they don't turn up on the day they're supposed to testify, and now the jury is empaneled and they start doing a dance where they demand the sheriff finds the witness, but then the clock runs out on holding the jury and it's a mistrial all round.
Yes, "I don't recall" is the oft-heard phrase in the witness stand. I don't remember the specifics of that case and why the guy decided to martyr himself.
It doesn’t extend to police questioning, i also pointed out it’s a different thing when you are in a court.
For the police an innocent bystander can turn into a suspect real fast.
The English common law tradition has a crime called “misprision”. Misprision of treason is the felony of knowing someone has committed or is about to commit treason but failing to report it to the authorities.
It still exists in many jurisdictions, including the UK, the US (it is a federal crime under 18 U.S. Code § 2382, and also a state crime in most states), Australia, Canada, New Zealand and Ireland.
Related was the crime “misprision of felony”, which was failure to report a felony (historically treason was not classed as a felony, rather a separate more serious category of crime). Most common law jurisdictions have abolished it, in large part due to the abolition of the felony-misdemeanour distinction. However, in the US (which retains that distinction), it is a federal crime (18 U.S. Code § 4). However, apparently case law has narrowed that offence to require active concealment rather than merely passive failure to report (which was its original historical meaning)
Many of the jurisdictions which have abolished misprision of felony still have laws making it a crime not to report certain categories of crime, such as terrorism or child sexual abuse
If someone says I need a cab for after I rob a bank and you give them a ride after waiting then you’re almost certainly an accessory. If they flag a random cab off the street then not.
Depending on the jurisdiction and the crime and the circumstances an act of omission (like ignoring a murder) would be suspicious and may get you charged with aiding and abetting.
On top of that, if you can be shown to benefit from the crime (e.g. by knowingly taking payment for providing services to those that commit it), that presumably makes you more than just a bystander in most jurisdictions anyway.
That link you posted is 1) about very specific crimes (treason, murder, manslaughter, genocide etc.) and 2) it applies only when you hear about a crime that is being planned but which has not been committed yet (and can still be prevented).
It is only for specific crimes not all crimes and there are exemptions when you don’t have to report the crime in Germany. For example family members don’t have to report if they try to convince the other party not to do it. Priests and other religious figures don’t have to do it. Lawyers, physicians, therapists etc. are also exempted.
It is also only for upcoming not yet accomplished crimes. Crimes already happened don’t have to be reported.
Also it has to be proven that you received the plan in a plausibel manner.
CSAM is different - in the US, as well as france, the law designates the service provider as a mandatory reporter. If you find CSAM and don't report the user who posted it to authorities (and Telegram have phone numbers of users) then they are breaking the law.
If we're doing US criminal law, failing to report crimes is a red herring here, right? I'd assume the accusation would turn on accomplice liability, on Durov both knowing about the crime and, in that knowing state of mind, doing something concrete to help it (like concealing it from inquiring authorities).
Obviously this is French criminal law, which is, well, wow.
YouTube ignored reports for CSAM links in comments of "family videos" of children bathing for years until a channel that made a large report on it went viral.
Who you are definitely determines how the law handles you. If you're Google execs, you don't have to worry about the courts of the peasantry.
I have my dead creepy uncle's phone in my drawer right now, and can give you soft core child porn from his instagram. His algorithm was even tuned to keep giving endless supply of children dancing in lingerie, naked women breastfeeding children while said children play with her private part, prostitutes of unknown age sharing their number on the screen, and porn frames hidden in videos.
Telegram is for the most part not end-to-end encrypted, one to one chats can be but aren't by default, and groups/channels are never E2EE. That means Telegram is privy to a large amount of the criminal activity happening on their platform but allegedly chooses to turn a blind eye to it, unlike Signal or WhatsApp, who can't see what their users are doing by design.
Not to say that deliberately making yourself blind to what's happening on your platform will always be a bulletproof way to avoid liability, but it's a much more defensible position than being able to see the illegal activity on your platform and not doing anything about it. Especially in the case of seriously serious crimes like CSAM, terrorism, etc.
If law enforcement asked them nicely for access I bet they wouldn't refuse. Why take responsibility for something if you can just offload it to law enforcement?
The issue is law enforcement doesn't want that kind of access. Because they have no manpower to go after criminals. This would increase their caseload hundredfold within a month. So they prefer to punish the entity that created this honeypot. So it goes away and along with it the crime will go back underground where police can pretend it doesn't happen.
Telegram is basically punished for existing and not doing law enforcement job for them.
Maybe they didn't ask nicely. Or they asked for something else. There's literally zero drawback for service provider to provide secret access to the raw data that they hold to law enforcement. You'd be criminally dumb if you didn't do it. Literally criminally.
I bet that if they really asked, they pretty much asked Telegram to build them one click creator that would print them court ready documents about criminals on their platform so that law enforcement can just click a button and yell "we got one!" to the judge.
> There's literally zero drawback for service provider to provide secret access to the raw data that they hold to law enforcement.
That's not true. For one things, it is expensive. For another, there's a chance people will find out and you'll lose all your criminal customers... they might even seek retribution.
> I bet that if they really asked, they pretty much asked Telegram to build them one click creator that would print them court ready documents about criminals on their platform so that law enforcement can just click a button and yell "we got one!" to the judge.
You seem to believe, without having looked at the publicly available facts of the matter, that the problem is law enforcement didn't say "pretty please". The fact of the matter is that they've refused proper law enforcement requests repeatedly; if anyone has been rude about it, it's been Durov.
End-to-end encrypted means that the server doesn’t have access to the keys. When server does have access, they could read messages to filter them or give law enforcement access.
Meta seems to shy away from saying they don't look at the content in some fashion. Eg they might scan it with some filters, they just don't send plaintext around.
Read the founder exit letter. whatsapp is definitely not e2e encrypted for all features.
You leak basic metadata (who talked to who at what time).
You leak 100% of messages with "business account", which are another way to say "e2e you->meta and then meta relays the message e2e to N reciptients handling that business account".
Then there's the all the links and images which are sent to e2e you->meta, meta stores the image/link once, sends you back a hash, you send that hash e2e to your contact.
there's so many leaks it's not even fun to poke fun at them.
And I pity anyone who is fool enough to think meta products are e2e anything.
> with "business account", which are another way to say "e2e you->meta and then meta relays
actually its a nominated end point, and then from there its up to the business. It works out better for meta, because they aren't liable for the content if something goes wrong. (ie a secret is leaked, or PII gets out.) Great for GDPR because as they aren't acting as processor of PII they are less likley to be taken to court.
Whatsapp has about the same level of practical "privacy" (encryption is a loaded word here) as iMessage. The difference is, there are many more easy ways to report nasty content in whatsapp, which reported ~1 million cases of CSAM a year vs apples' 267. (not 200k, just 267. Thats the whole of apple. https://www.missingkids.org/content/dam/missingkids/pdfs/202...)
Getting the content of normal messages is pretty hard, getting the content of a link, much easier.
iMessage is not on the same playing field as Whatsapp and Signal. Apple has full control over key distribution and virtually no one verifies Apple isn't acting as a MitM. Whatsapp and e2e encrypted messenger force you to handle securely linking multiple devices to your account and gives you the option to verify that Meta isn't providing bogus public keys to break the e2e encryption.
For iMessage, Apple can just add a fake iDevice to your account and now iMessage will happily encrypt everything to that new key as well and there's zero practical visibility to the user. If it was a targeted attack and not blanket surveillance then there's no way the target is going to notice. You can open up the keychain app and check for yourself but unless you regularly do this and compare the keys between all your Apple products you can't be sure. I don't even know how to do that on iPhone.
never thought about using csam image hash alerts as a measure of platform data leaks (and popularity as i doubt bots will be sharing them). that's very smart.
and show that fb eclipse everyone by a insane margin it's scary!
about your point on business accounts, the documents i reviewed included dialog tree bots managed by meta. not sure if not having that change things... but in that case it was spelled out that meta is the recipient
Its more a UX/org thing. In iMessage how do you report a problematic message? you can't easily do it.
In whatsapp, the report button is on the same menu that you use to reply/hide/pin/react.
Once you do that, it sends the offending message to meta, unencrypted. To me, that seems like a reasonable choice. Even if you have "proper" e2ee, it would still allow rooting out of nasty/illegal shit. those reports are from real people, rather than automated CSAM hashing on encrpyted messages. (although I suspect there is some tracking before and after.)
Its the same with instagram/facebook. The report button is right there. I don't agree with FB on many things, but this one I think they've made the right choice.
isn't meta only end to end encrypted in the most original definition in so much that it is encrypted to each hop. but it's not end to end encrypted like signal.. ie meta can snoop all day
If a service provider can see plain text for a messaging app between the END users, that is NOT end-to-end encryption, by any valid definition. Service providers do not get to be one of the ends in E2EE, no matter what 2019 Zoom was claiming in their marketing. That's just lying.
Yes, WA messages are supposed to be e2e encrypted. Unless end-to-end encryption is prohibited by law in your jurisdiction, I don't see how that question is relevant in this context.
I'm more disturbed by the fact that on HN we have 0 devs confirming or denying this thing about FBs internals wrt encryption. We know there are many devs that work there that are also HN users. But I've yet to see one of them chime in on this discussion.
I find it pretty ridiculous to assume that any dev would comment on the inner workings of their employers software in any way beyond what is publicly available anyway. I certainly wouldn't.
Why not? If I think my employer is doing something unethical, I certainly would. That would be the moral thing to do.
This tells me most of the people implementing this are either too-scared of the consequences, or they think what they're implementing is ethical and/or the right thing to do. Again, both are scary thoughts we should be highly concerned about in a healthy society that talks about these things.
One other potential explanation: FB and these large behemoths have compartmentalized the implementations of these features so much that no one can speak authoritatively about it's encryption.
You are talking about a company whose primary business idea it is to lock up as much of the world's information as possible behind their login.
The secondary business idea it to tie their users logins to their real world identities, to the point of repeatedly locking out users who they live under threat and refuse to disclose their real name.
What has E2EE got to do with it? If you catch someone who sent CP you can open their phone and read their messages. Then you can tell Meta which ones to delete and they can do it from the metadata alone.
The receiving end shared your message with the administrators? E2e doesn't mean you aren't allowed to do what you want with the messages you receive, they are yours.
Nope, it didn't even arrive on their end, it prevented me from sending the message and said I wasn't allowed to send that. So they are pre screening your messages before you send them.
The chats are encrypted but the backup saved in the cloud isn't. So if someone gets access to your Google Drive he can read your WhatsApp chats. You can opt-in to encrypt the backup but it doesn't work well.
I've actually given up trying to post on Reddit for this reason. Whenever I've tried to join in on a discussion in some subreddit that's relevant(eg r/chess) my post has been autoremoved by a bot because my karma is too low or my account is "too new". Well how can I get any karma if all my posts are deleted?
I can see how it's frustrating, but the communities you're trying to post in are essentially offloading their moderation burden onto the big popular subreddits with low requirements -- if you can prove you're capable of posting there without getting downvoted into oblivion, you're probably going to be less hassle for the smaller moderator teams.
That's silly. I gotta go shitpost in subreddits I have no interest in as some sort of bizarre rite of passage? I'd rather just not use the site at that point.
Actually, HN has a much better system. Comments from new accounts, like your throwaway, are dead by default, but any user can opt in to seeing dead posts, and any user with a small amount of karma can vouch those posts, reviving them. Like I just did to your post.
Even those who farm accounts know the simple answer to your question. You have to spend a little time being civil in other subreddits before you reveal the real you. Just takes a few weeks.
The comments I made were quite serious and civil. Not sure what you mean. They were autodeleted by a bot. I wasn't trolling or anything.
I'm not particularly interested in spending a lot of time posting on reddit. But very occasionally I'll come across a thread I can contribute meaningfully to and want to comment. Even if allowed I'd probably just make a couple comments a year or something. But I guess the site isn't set up for that, so fuck it.
Sounds like you glossed over the phrase “in other subreddits”, which is the secret sauce. The point of my phrasing was not to suggest that you aim to be uncivil, but to highlight that the above works even for those who do aim to. So, surely, it should work for you, too.
It's simpler, the US wants to control the narrative everywhere and in everything, just like in the 90s and 00s. Things like Telegram and Tiktok and to some extent RT, stand in the way of that.
As far as I can see. CP is probably the fastest way to get a channel and related account wiped on telegram in a very short time. As a telegram group manager. I often see automated purge of CP related ad/contents, or auto lockout for managers to clear up the channel/group. Saying telegram isn't managing CP problems is just absurd. I really feel like they just created the reason for other purpose.
This distinction gets lost in these discussions all of the time. A company that makes an effort to comply with laws is in a completely different category than a company that makes the fact that they’ll look the other way one of their core selling points.
Years ago there was a case where someone built a business out of making hidden compartments in cars. He did an amazing job of making James Bond style hidden compartments that perfectly blended into the interior. He was later arrested because drug dealers used his hidden compartment business to help their drug trade.
There was an uproar about the fact that he wasn’t doing the drug crimes himself. He was only making hidden compartments which could be used for anything. How was he supposed to know that the hidden compartments were being used for illegal activities rather than keeping people’s valuables safe during a break-in?
Yet when the details of the case came out, IIRC, it was clear that he was leaning into the illegal trades and marketing his services to those people. He lost his plausible deniability after even a cursory look at how he was operating.
I don’t know what, if any, parts of that case apply to Pavel Durov. I do like to share it as an example of how intent matters and how one can become complicit in other crimes by operating in a manner where one of your selling points is that you’ll help anyone out even when their intent is to break the law. It’s also why smart corporate criminals will shut down and walk away when it becomes too obvious that they’re losing plausible deniability in a criminal enterprise.
If you are directly aiding and abetting without any plausible attempt to minimize bad actors from using your services then absolutely.
For example, CP absolutely exists on platforms like FB or IG, but Meta will absolutely try to moderate it away to the best of their ability and cooperate with law enforcement when it is brought to their attention.
And like I have mentioned a couple times before, Telegram was only allowed to exist because the UAE allowed them to, and both the UAE and Russia gained ownership stakes in Telegram by 2021. Also, messaging apps can only legally operate in the UAE if they provide decryption keys to the UAE govt because all instant messaging apps are treated as VoIP under their Telco regulation laws.
If you are a criminal lawyer who is providing defense, that is acceptable because everyone is entitled to to a fair trial and defense.
If you are a criminal lawyer who is directly abetting in criminal behavior (eg. a Saul Goodman type) you absolutely will lose your Bar License and open yourself up to criminal penalties.
If you are a criminal lawyer who is in a situation where your client wants you to abet their criminal behavior, then you are expected to drop the client and potentially notify law enforcement.
Are you talking about Brian Steel? He was held in contempt because he refused to name his source that informed him of some misconduct by the judge (ex parte communication with a witness). That's hardly relevant here, the client wasn't involved at all as far as anyone knows.
> If you are a criminal lawyer who is directly abetting in criminal behavior
Not a lawyer myself but I believe this is not a correct representation of the issue.
A lawyer abetting in criminal behaviour is committing a crime, but the crime is not offering his services to criminals, which is completely legal.
When offering their services to criminals law firm or individual lawyers in most cases are not required to report crimes they have been made aware of under the attorney-client privilege and are not required to ask to minimize bad actors from using their services.
In short: unless they are committing crimes themselves, criminal lawyers are not required to stay clear from criminals, actually, usually the opposite is true.
any plausible attempt to minimize bad actors from using your service
I mentioned criminal lawyers because their job is literally to "offer their services to criminals or to people accused of being criminals" and they have no obligation whatsoever to minimize bad actors from using your service, in fact bad actors are usually their regular clientele and they are free to attract as many criminals as they like in any legal way they like.
Helping a criminal to commit a crime it's an entirely different thing and anyway it must be proved in a court, it's not something that can be assumed on the basis of allegations (their clients are criminal, so they must be criminal too).
That's why in that famous TV drama Jessy Pinkam says "You dont want a criminal lawyer, you want a Criminal. Lawyer.".
The premise of this story is that Telegram offers a service which is very similar to safe deposit boxes, the bank it's not supposed to know what you keep in there hence they are not held responsible if they are used for illegal activities.
In other words most of the times people do not know and are not required to know if they are dealing with criminals, but, even if they did, there are no legal reasons to avoid offering them your services other than to avoid problems and/or on moral grounds (which are perfectly understandable motives, but are still not a requirement to operate a business).
Take bars, diners, restaurants, gas stations or hospitals, are they supposed to deny their services?
And how would they exactly should take actions to minimize bad actors from using your service?
If someone goes to a restaurant and talks about committing a crime, is the owner abetting the crime?
I guess probably not, unless it is proven beyond any reasonable doubt that he actually is.
It doesn't matter if it's true or false it only matters what the justice system can prove.
> The premise of this story is that Telegram offers a service which is very similar to safe deposit boxes, the bank it's not supposed to know what you keep in there hence they are not held responsible if they are used for illegal activities.
This is the issue. Web platforms DO NOT have that kind of legal protection - be it Telegram, Instagram, or Hacker News.
Safe Harbor from liability in return for Content Moderation is expected from all internet platforms as part of Section 230 (USA), Directive 2000/31/EC (EU), Defamation Act 2023 (UK), etc.
As part of that content moderation, it is EXPECTED that you crack down on CP, Illicit Drug Transactions, Threats of Violence, and other felonies.
Also, that is NOT how bank deposit boxes work. All banks are expected to KYC if they wish to transact in every major currency (Dollar, Euro, Pound, Yen, Yuan, Rupee, etc) and if they cannot, they are expected to close that account or be cut off from transacting in that country's currency.
> That's why in that famous TV drama Jessy Pinkam says "You dont want a criminal lawyer, you want a Criminal. Lawyer.".
First, it's Pinkman BIATCH not Pinkam.
And secondly, Jimmy McGill (aka Saul Goodman) was previously suspended by the NM Bar Association barely 5 years before Breaking Bad, and was then disbarred AND held criminally liable when SHTF towards the finale.
> This is the issue. Web platforms DO NOT have that kind of legal protection - be it Telegram, Instagram, or Hacker News.
e2e encryption cannot be broken though
> Safe Harbor from liability in return for Content Moderation is expected from all internet platforms as part of Section 230 (USA), Directive 2000/31/EC (EU), Defamation Act 2023 (UK), etc.
I have no sympathy for Durov and I don't care if they throw away the keys, but what about Mullvad then?
I guess that a service whose main feature is secrecy and anonymity should at least provide anonymity and secrecy.
> CP, Illicit Drug Transactions, Threats of Violence, and other felonies
you understand better than me that the request is absurd all of this is in theory, in practice nobody can actually do it for real, the vast majority of illicit clear text content are honeypots created by agents of various agencies to threaten the platforms and force them to cooperate. nothing's new here, but let's not pretend that this is to prevent crimes.
also: the allegations against Telegram are that they do not cooperate, but we don't actually know if they really crack down on CP or other illegal activities or not, because if they don't, the reasonable thing to do would be to shut down the platform, what does arresting the CEO accomplish? (rhetorical question: they - I don't want to throw names, but i think that the usual suspects are involved - want access to and control of the content, closing the platform would only deny them access and would create uproar among the population - remember when Russia blocked Telegram?)
also 2: AFAIK Telegram requires a phone number to create an account, it's the responsibility of the provider to KYC when selling a phone number, not Telegram's.
also 3: safe deposit boxes are not necessarily linked to bank accounts. I pay for a safety deposit box in Switzerland but have no Swiss bank account.
So my guess is EU wants in some way control the narrative in Telegram channels where the vast majority of the news regarding the war in Ukraine spread from the war front to the continent.
> First, it's Pinkman BIATCH not Pinkam.
Sorry. I'm dyslexic and English is not my mother tongue, but the 4th language I've learned, when I was already a teenager.
> was previously suspended by the NM Bar Association
that was the point. TV dramas need good characters and a criminal lawyer who's also a criminal is more interesting than a criminal lawyer who's just a plain boring lawyer that indulges in no criminal activity whatsoever.
At least in case of Section 230, distributirs that do not moderate do not need it because they do indeed have that kind of legal protection - see Cubby v. CompuServe for an example. Section 230 was created because a provider that did moderate tried to use this precedent in court and its applicability was rejected, and Congress decided that this state of affairs incentivized the wrong kind of behavior.
This is precisely why Republicans want to repeal it - if they succeed, it would effectively force Facebook etc to allow any content.
> For example, CP absolutely exists on platforms like FB or IG, but Meta will absolutely try to moderate it away to the best of their ability
Is this true? After decades now of a cat and mouse game, it could be argued that they are simply incapable. As such, the "best of their ability" would be using methods that don't suit their commercials - e.g verifying all users manually, requiring government ID, reviewing all posts and comments before they're posted, or shutting down completely.
I understand these methods are suicidal in capitalism, but they're much closer to the "best of their ability". Why do we accept some of the largest companies in the world shrugging their shoulders and saying "well we're trying in ways that don't impact our bottom line"?
If you provide a service that is used for illegal behavior AND you know it’s being used that way AND you explicitly market your services to users behaving illegally AND the majority of your product is used for illegal deeds THEN you’re gonna have a bad time.
If one out of ten thousand people use your product for illegal deeds you’re fine. If it’s 9 out of 10 you probably aren’t.
> If one out of ten thousand people use your product for illegal deeds you’re fine.
This logic clearly makes the prison of someone like the owner of Telegram difficult to justify, since 99.999% of messages in telegram are completely legal.
If 10,000 people out of 10 million are doing illegal things and you know about it or you are going out of your way to turn a blind eye then you’re gonna have a bad time.
Keep in mind that as soon as you store user accounts you keep user data, which is perhaps a trivial form of eavesdropping, but clearly something law enforcement takes an interest in.
If his was really true for banks there would be a large number of bankers in jail. This number being close to zero, I guess the courts are very lax at charging bankers for crimes.
Banks do a massive amount of tracking and flagging. Even putting a joke “for drugs” in a Venmo field can cause issues. Plus reporting large transactions. There was a massive post on HN yesterday about how often banks close startup accounts due to false positives.
> the real criminals continue doing their business everyday
Any source for that? Media loves to blame banks for everything, but when you go into the details it always seems pretty marginal (e.g. the HSBC Mexico stuff).
It cannot be marginal because drug traffic, just as an example, moves billions of dollars every year. They certainly have schemes and someone in the banking system must be complying with these schemes. Every time the officials uncover one of these schemes, banks are miraculously not charged of anything and they don't even give back the profits of the illegal operation.
Banks are a terrible example for this thread's argument. Banking is essentially the end result of what happens when businesses kowtow to the invasive demands of the government, implement ever-more invasive content policing, becoming de facto arms of the bureaucratic state.
A bank will drop you if they even think you might be doing something (demonstrably on paper) illegal. When opening an account, some of the very first questions a bank asks you are "where did you get this money" and "what do you do for work" - proactively making you responsible for committing to some type of story. All of the illegality you're trying to reference is happening under a backdrop of reams of paperwork that make it look like above board activity to compliance departments. Without that paperwork when shit does hit the fan, people working at the bank do tend to go to jail. But with that paperwork it's "nobody's fault" unless they manage to find a few bank employees to pin it on.
Needless to say, this type of prior restraint regime being applied to free-form communication would be an abject catastrophe.
If you know your services are going to be used to commit a crime, then yes, that makes you an accessory and basically all jurisdictions (I know basically nothing about French criminal law) can prosecute you for that. Crime is, y'know, illegal.
I'm appalled that you would argue in good faith that a tool for communicating in secret can be reasonably described as a service used to commit a crime.
Why aren't all gun manufacturers in jail then? They must know a percentage of their products are going to be used to commit crimes. A much larger percentage than those using Telegram to commit one.
> I'm appalled that you would argue in good faith that a tool for communicating in secret can be reasonably described as a service used to commit a crime.
The usual metaphor is child pornography, but let's pick something less outrageous: espionage. If a spy uses your messaging platform to share their secrets without being detected & prevented, that's using the service to commit a crime. Now, if you're making a profit from said service, that doesn't necessarily make you a criminal, but if you start saying "if spies used this platform, they'd never be stopped or even detected", that could get you in to some serious trouble. If you send a sales team to the KGB to encourage them to use the platform, even more so.
Gun manufacturers have repeatedly been charged with crimes (some are currently in court). I'd argue that messaging platforms have, historically, been less likely to be charged with crimes.
The second amendment gives weapon makers some extra protection in the US, but they do have to be very careful about what they do and do not do in order to avoid going to jail.
> They must know a percentage of their products are going to be used to commit crimes. A much larger percentage than those using Telegram to commit one.
Do you have the stats on that? I don't, but I'm curious. While I don't doubt the vast majority of people using Telegram aren't committing a crime, I know that the vast majority of people using guns also aren't committing a crime.
> I'm appalled that you would argue in good faith that a tool for communicating in secret can be reasonably described as a service used to commit a crime.
That's because you're assuming facts not in evidence and painting the broadest possible argument. Obviously we don't know the details yet, but it's not unlikely that this situation was a bit more specific.
Consider:
F: "We want you to give us the chat logs of this terrorist"
T: "OK!"
F: "Now we need you to give us the logs from this CSAM ring"
T: "No! That's a violation of their free speech rights!"
You can't put your own moral compass in place of the law, basically. That final statement is very reasonably interpreted as obstruction or conspiracy, where a blanket refusal would not be.
You are right; the arrest might be legal and even morally justifiable.
However, I still argue that wanting to provide secret communication (which Telegram actually doesn't do) is not abetting crime or helping it more than any other product.
In fact, in my humble opinion, it's the opposite: Private communications are a countermeasure against the natural tendency of governments to become tyrannical, and thus maintaining one is an act of heroism.
> Private communications are a countermeasure against the natural tendency of governments to become tyrannical, and thus maintaining one is an act of heroism.
That's an easy enough statement in the abstract, but again it doesn't speak to the case of "Durov knowingly hid child porn consumers from law enforcement", which seems likely to be the actual crime. If you want to be the hero in your story, you need to not insert yourself into the plot.
The answer to this charade is that to "prove" that you're not doing anything wrong you need to secretly provide all data from anyone that the government doesn't like. Otherwise you go to jail.
Try to deposit 10k to your bank account and then, when they call you and ask the obvious question, answer that you sold some meth or robbed someone. They will totally be fine with this answer, as they are just a platform for providing money services and well, you can always just pay for everything in cash.
And even then you don’t have to tell them it’s illegal. Just what you earned. Frankly they don’t care where it came from as long as you report and pay.
No, you have to specify where it came from. You don't have to say what crime you committed, but you'd list the income under "income from illegal activities".
Suppose you knit mittens and sell them for cash out of your garage. The IRS expects you to report and pay taxes on the income. How do they check that the sum you specified is correct?
Not sure how it works in the US. In Germany you are supposed to have a cash register or issue an invoice on each purchase, and sometimes (though really rarely given lack of personnel) they can randomly check of your reported numbers make sense together.
It's not clear how that sort of thing would even help, it seems like just a trap for the unwary. If you're an honest person selling your mittens and paying your taxes without knowing you're supposed to have a cash register, you could get unlucky and get in trouble for innocuous behavior. If you're a drug dealer then you get a cash register and ring up all your drug sales as mitten sales. Or, if someone wanted to report less income, they would have a cash register and then use it to ring up less than all of the sales. Whether or not you have the cash register can't distinguish these and is correspondingly pointless.
> operating in a manner where one of your selling points is that you’ll help anyone out even when their intent is to break the law
is it what happened here?
in my view Durov is the owner renting his apartment and not caring what people do inside it, which is not illegal, someone could go as fare as say that it is morally reprensible, but it's not illegal in any way.
It would be different if Durov knew but did not report it.
Which, again, doesn't seem what happened here and it must be proven in a court anyway, I believe everyone in our western legal systems still has the right to the presumption of innocence.
Telegram not spying on its users is the same thing as Mullvad not spying on its users and not saving the logs. I consider it a feature not a bug, for sure not complicity in any crime whatsoever.
What do you mean "look the other way?" Does the phone company "look the other way" when they don't listen in to your calls? Does the post office "look the other way" when they don't read your mail?
That guy who built the hidden compartments should absolutely not have gone to jail. The government needs to be put in check. This has gotten ridiculous.
If the police tell them illegal activity is happening and give them a warrant to wiretap and they are capable of doing so but refuse then yeah they’re looking the other way. That’s not even getting into things like PRISM.
But why don’t they arrest them for allowing it to happen? Phone calls should be actively moderated to block customers who speak about terrorist activity.
Because the telcos _cooperate_ with law enforcement.
It's not whether the platform is being used for illegal activity (all platforms are to some extent, as your facile comment shows). It's whether the operator of a platform actively avoids cooperating with LE to stop that activity once found.
I know. That’s obviously true, but I hate that it happens and it makes no sense to me why more people aren’t upset by it. What I’m trying to get at is that complying with rules that are stupid, ineffective, and unfair is not a good thing and anyone who thinks these goals are reasonable should apply them to equivalent services to realize they’re bad. Cooperation with law enforcement is morally neutral and not important.
The real goal is hurting anyone that’s not aligned with people in power regardless of who is getting helped or harmed. Everyone knows this but so many people in this thread are lying about it.
> anyone who thinks these goals are reasonable should apply them to equivalent services to realize they’re bad
AFAIK these goals _are_ applied to equivalent services. It's just that twitter, FB, Instagram, WhatsApp, and all the others _do_ put in the marginal amount of effort required to remove/prohibit illicit activity on their platform.
Free speech is one thing, refusing to take down CSAM or drug dealing operating in the open is always going to land you in hot water.
I don’t agree that internet platforms deserve to be in their own special category which is uniquely required to police bad content. The only reason it happens is because it’s not politically or technically feasible to do it when the message comes through another medium.
I think it’s wrong on social media for the exact same reason it’s wrong to arrest power companies if a guy staples printed CSAM to a utility pole. Same thing for monitoring private phone calls. We know that AI can detect people talking about terrorism on the phone and cameras can monitor paper ads and newsletters in public spaces, but nobody would advocate for making this a legal requirement because it’s insane. The fact that nobody cares is proof that the public does value privacy and free speech. Why are so many of them tricked into thinking the internet is an exception?
I want people to commit to their beliefs and either admit they want surveillance wherever it’s technically feasible or give up and recognize that internet surveillance is also wrong. No more of this “surveillance is good but legacy platforms are exempt” waffling. Very frustrating and only serves the interests of people who already have power
From what I've read the arrest wasn't related to lack of proactive moderation, but the lack of, or refusal to do, reactive moderation i.e. law enforcement say "there's CSAM being distributed on your platform here" and the owner shrugs
> for the exact same reason it’s wrong to arrest power companies if a guy staples printed CSAM to a utility pole
That seems like a bad analogy. A closer one would be that I rent the pole space to people who I am told by law enforcement are committing serious crime in the open, using the pole I am renting to them. Additionally, I am uniquely capable of a) removing the printouts b) passing on whatever information I have about those involved (maybe zero, but at least I say that). The issue is refusing both. I don't feel they are egregious requests.
(this is not a tacit approval of digital surveillance)
For Reddit it is a bit documented how some power-mods used to flood subreddits with child porn to get them taken down. It was seemingly done with the administration's best wishes. Not sure if it still going on, but some of these people are certainly around, in the same positions.
That’s disgusting but certainly effective to take down something very quickly.
I was very disappointed to hear that UFO related subreddits take down and block UFO sightings. What’s the whole point of the sub if they censor the relevant content.
This is unrelated to main thread but since you brought up UFOs and censorship. Isn't it a disgrace what Wikipedia has done to the trove of "list of UFO sightings"?
Those listings were great and well documented up until about 2019 or so. They've been scrubbed heavily.
Yes it is. I don’t recall when and if I check out the list of UFO sightings on Wikipedia but I’m very aware of the problem.
In the English wiki it’s a group “Guerilla Skepticism” which dominates the field on esoteric content and much more.
In Germany we have the same situation and very likely every language has the same issue.
The bigger pictures is that the whole content from Wikipedia gets fed into the AIs and then it answers you practically the strongly moderates censored misleading content from Wikipedia.
The very disappointing thing is that nobody can’t to anything about the mods in Wikipedia, they dominate the place.
One of those was @rtnews which is definitely state-sponsored propaganda and remains inaccessible to this day.
They cooperated to some degree, but I'll go out on a limb to say that the authorities wanted Telegram to be fully subservient to western government interests.
I think your subtle arguments are wasted on EU's decision to stop the spread of misinformation and manipulation. It's that simple for them. Black and white. Us vs them. Don't think too much, you are taken care of by your "representatives" ...
In this instance (RT being banned), it's Russia's quite candid strategy to undermine social cohesion in their enemies' societies, using disinformation. Margarita Simonyan and Vladislav Surkov have each bragged about its success. So yes, for social cohesion, when there's a malign external actor poisoning public discourse with the intention of splitting societies, a responsible government ought to tackle it.
Information warfare is a real thing, and if you're suggesting governments shouldn't react to it - on the basis that doing so would fall under 'the old enemy of the people argument' - then what you're actually contending is that governments should neglect national defence.
If we start throwing around terms like "social cohesion" to justify censorship in the West, how can we complain about China doing the same in the name of "social harmony"?
there were multiple Kremlin propaganda outlets you could read in the US 40 years ago, although it is true that (IIRC) there were restrictions on broadcast television
think there is a societal interest in unsnoopable messaging.
there are other low-hanging fruit EU governments could do to address crime, NL has basically become a narcostate and they are just sitting by and watching - Telegram is not the problem.
>Eliminating child pornography and organised crime is a societal rather than 'government' interest.
Empirically speaking, governments have had absolutely zero success at this, but their attempts to do so have gotten them the kind of legal power over your life that organised crime could only dream about.
Are you implying that after the Italian mafia there were no more organised crime gangs in the US? There's a huge number of organised crime gangs nowadays; who do you think is distributing the drugs responsible for America's massive drug problem? https://en.wikipedia.org/wiki/List_of_gangs_in_the_United_St... . A policy isn't a success if it kills one crime group only for it to be replaced with more, and the overall drug consumption/distribution rate doesn't decrease. More people are using illicit drugs than ever before: https://www.ibanet.org/unodc-report-drug-use-increase
It’s also the government’s role to take measures against harmful actions. Personal rights end where they start to harm others, or harm society in general. They are not an absolute, and always have to be balanced against other concerns.
However, my GP comment was against the claim that “The state has no business judging the truth”. That claim as stated is absurd, because judging what is true is necessary for a state being able to function in the interest of its people. The commenter likely didn’t mean what they wrote.
One can argue what is harmful and what isn’t, and I certainly don’t agree with many things that are being over-moderated. But please discuss things on that level, and don’t absolutize “free speech”, or argue that authorities shouldn’t care about what is true or not.
> Personal rights end where they start to harm others, or harm society in general
This empty saying is used to justify basically any violation of civil liberty, because it is unprincipled and open ended, so it can be used to respond to any action anyone can take
> The commenter likely didn’t mean what they wrote
No, I meant what I wrote. The government has no business judging the truth. What is the Russian disinformation from earlier in this thread? For example, is it discussing the illegal 2014 coup in Ukraine that ousted a democratically elected government that was friendly to Russia? To EU overlords, discussing that event is “spreading disinformation” even though it is factually true and deserving of discussion. It’s a great example of political censorship being a problem.
> don’t absolutize “free speech”, or argue that authorities shouldn’t care about what is true or not.
Free speech should be absolutized in day to day discussion, even if there are very limited exceptions in the law. It’s when there is permission from society to limit speech that populations end up propagandized and suppressed by whoever has power over them. That’s what is happening here, where people are coming up with absurd mental gymnastics to justify France’s authoritarian actions.
> judging what is true is necessary for a state being able to function in the interest of its people
This sounds like support for Soviet or China style control of speech, and labeling of anything that power disagrees with as misinformation. Authorities shouldn’t care about what is true or not, because they are biased and corrupted by their agendas and ideologies and incentives. The free exchange of information is foundational to any free and democratic society. That’s what is necessary for a state to be able to function in the interest of its people.
As far as I've heard, they did that only under threat of getting kicked out of the Apple and Google app stores. Supposedly, the non-app-store versions don't have these blocks.
In other words, Apple and Google are the only authorities they recognize (see also [1]). I'm not surprised this doesn't sit well with many governments.
The real deal channels are still accessible. I follow them every day. Its the only way of getting a clear picture of the situation in Ukraine. Both sides are heavily using it. Also during combat operations.
I believe both cases come down to how much effort the leaders put into identifying and purging the bad activities on their platforms.
One would hope that there is clear evidence to support a claim that they’re well aware what they’re profiting off and aren’t aggressively shutting it down.
To use Reddit as an example: in the early days it was the Wild West, and there were some absolutely legally gray subreddits. They eventually booted those, and more recently even seem to ban subreddits just because The Verge wrote an article about how people say bad things there.
Dotcom got extradited (which was declared legal much later). Durov landed in a country that had an arrest warrant out for him.
I hope his situation isn't similar to Dotcom's, as Dotcom was shown to be complicit in the crimes he was being persecuted for. Convicting the megaupload people would've been a LOT harder if they hadn't been uploading and curating illegal content on their platform themselves.
As a service provider, you're not responsible for what your users post as long as you take appropriate action after being informed of illegal content. That's where they're trying to get Telegram, because Telegram is known to ignore law enforcement as much as possible (to the point of doing so illegally and getting fined for it).
really? we seal warrants in the US all the time - we don't want people who we are trying to apprehend to always know ahead of time we are trying to apprehend them
There are also valid reasons the other way, like consulting an attorney to challenge the warrant or prepare a defense before it gets executed, disrupts your life and prevents you from clearing your name because you're being incarcerated without bail. It's hard to investigate the charges against you from a cell.
Or the ability of journalists to inform the public of what the government is getting on with in their name. If the government is investigating their critics they have no right to keep it a secret.
You're somewhat mistaken. In the U.S., you aren't owed a warning that the cops are looking for you, especially if you're a flight risk. That was never part of it.
That inconvenient bill of rights keeps us a step or two behind the rest of the anglosphere in decent to tyranny, but only for so long. It just takes a handful of dishonest judges to claim some right actually means something entirely different.
> Because in your eyes it is so gradual the difference between it's happening slowly and not happening at all is imperceptible and impossible to prove.
It's extremely straightforward to prove. You look at the laws that have been passed and the court opinions issued in the last 30-60 years.
The Sud-Ouest article must have been updated because the version currently online does not mention that at all. Quite the opposite, the article quotes an official that was surprised that Durov would come to Paris anyway even though he knew he was under an arrest warrant in France, and another source says that he might have decided to come in France anyway because he believed he'll never be held accountable.
According to the more detailed news sources I can find about this, it seems he knew the French were looking for him. I don't know if he knew about the contents of the warrant, but it does seem he knew the authorities were planning to arrest him.
From what I can tell the warrant has been out for longer, but he was arrested when the airport police noticed his name was on a list. There's not a lot of information out there, with neither the French authorities nor Telegram providing any official statements to the media.
Fuck around and find out. If he legitimately ignored legal French documents forcing him to share information, as the French have declared, he's got got.
You don't step foot on a country with an extradition treaty, even less so the country itself, where you're flouting their warrants for your company's data.
Despite having lots of treaties agreeing to extradition in principle, the UAE is somewhat notorious for never extraditing anybody anywhere in practice.
> the operators of the messenger app Telegram have released user data to the Federal Criminal Police Office (BKA) in several cases. According to SPIEGEL information, this was data from suspects in the areas of child abuse and terrorism. In the case of violations of other criminal offenses, it is still difficult for German investigators to obtain information from Telegram, according to security circles.
> two popular chat services have accused each other of having undisclosed government ties. According to Signal president Meredith Whittaker, Telegram is not only “notoriously insecure” but also “routinely cooperates with governments behind the scenes.” Telegram founder Pavel Durov, on the other hand, claims that “the US government spent $3 million to build Signal’s encryption” and Signal’s current leaders are “activists used by the US state department for regime change abroad.”
I suspect most Tor exit nodes are controlled by the US government and/or its allied governments. It doesn't make much sense for anybody else to run an exit node because your IP gets banned by much of the internet and you get unwanted visits from law enforcement.
"What kinds of people operate tor exit nodes and why do they do it" is one of those questions that I know I'm not even supposed to admit being curious about, let alone ask, in the company of people who are most capable of accurately answering.
1) There was an order signed recently. He has not physically left NZ yet.
2) He's not convicted, he hasn't been in front of a judge for the charges against him
> Convicting the megaupload people would've been a LOT harder if they hadn't been uploading and curating illegal content on their platform themselves.
This is just a gimmick to bamboozle judges and the public. The ploy is to claim that someone is guilty of serious offense A because you proved they committed less serious offense B, even though the offenses have different elements and penalties.
They use the ploy because any large organization by definition has a lot of people in it and copyright infringement is pretty common, so by the law of large numbers somebody in the company is probably doing it even if the company doesn't want them to and then the prosecutors want to claim that the company as a whole is doing something wrong and has to be shut down. Which doesn't make any sense when another company is just going to provide the same perfectly legal service and the users are going to use it for the exact same thing.
Moreover, the obvious way for companies to prevent this -- indeed, the thing Megaupload's replacement started doing after the original was shut down -- is to encrypt everything so their employees have no access to it. Which I have no objection to, but if courts and prosecutors like to be able to issue a subpoena and actually get something back, they might want to reconsider turning the ability of a company to access data into a liability.
Why are these service providers being punished for what their users do
[...]
maybe I'm just being naive?
In this case, the comment does strike me as naive.
Back in the 1990s the tech community convinced itself (myself included) that Napster had zero ethical responsibility for the mass piracy it enabled. In reality, law in a society is supposed to serve that society. The tech community talked itself into believing that the only valid arguments were for Napster. In hindsight, it's less cut-and-dry.
I have never believed E2EE to be viable, in the real world, without a back-door. It makes several horrendous kinds of crime too difficult to combat. It also has some upsides, but including a back-door, in practice, won't erase the upsides for most users.
It is naive to think people (and government) will ignore E2EE; a feature that facilitates child porn, human trafficking, organized crime, murder-for-hire, foreign spying, etc etc. The decision about whether the good attributes justify the bad ones is too impactful on society to defer to chat app CEOs.
That's how most law works. I have to give up my right to murder someone in order to enjoy a society where it's illegal for everyone.
If you believe privacy not inspectable by law enforcement is wrong the prerequisite is saying that you're willing to have the the law apply to you as well.
I believe that privacy not inspectable by law enforcement is a fundamental right. I'm willing to accept that aids some crimes but also willing to change my mind if the latter becomes too much of a problem. It doesn't seem to be the case at all ATM.
Yes, that is my position. E2EE back-doors might not affect my communications or yours, but have serious and undesirable repercussions for some journalists and whistleblowers. The thing is, regular people aren't going to tolerate a sustained parade of news stories in which E2EE helps the world's worst people to evade justice.
This should be obvious to everyone here, but it's pretty much inevitable that if a backdoor exists, criminals will eventually find their way through it. Not to mention the "legitimate" access by corrupt and oppressive governments that can put people in mortal danger for daring to disagree.
No doubt that is true, and presumably Cory Doctorow has written some article making that seem like the only concern. The alternative makes it difficult to enforce all kinds of laws, though.
This comment can itself be said to take for granted the naive view of what law it exposes.
Law is a way to enforce a policy on massive scale, sure. But there is no guarantee that it enforces things that are aiming the best equilibrium of everyone flourishing in society. And even when it does, laws are done by humans, so unless they results from a highly dynamic process that gather feedback from those on which it applies and strive to improve over time, there is almost no chance laws can meet such an ambitious goal.
What if Napster was a symptom, but not of ill behavior? Supposing that unconditional sharing cultural heritage is basically the sane way to go can be backed on solid anthropological evidences, over several hundred millennia.
What if information monopolies is the massive ethical atrocity, enforced by corrupted governments which were hijacked by various sociopaths whose chief goal is to parasite as much as possible resources from societies?
Horrendous crimes, yes there are many out there, often commissioned by governments who will shamelessly throw outrageous lies at there citizens to transform them into cannon fodders and other atrocities.
Regarding fair retribution of most artists out there, we would certainly be better served with universal unconditional net revenue for everyone. The current fame lottery is just as fair as a national bingo as a way to make a decent career.
You know, I agree with nearly all of these points. I even think there is something to your point about Napster 'being a symptom' but (as people love to say around here) it's 'orthogonal' to the original point I wanted to make.
Few things would please me more than to live under a system where arts and culture were freely available to all, and artists didn't have to starve in the process. It doesn't strike me as far-fetched either; it wouldn't take much to improve on the system we currently have.
But my original point was that, given the society we actually had when Napster came along, it was unreasonable for Napster unilaterally to decide for everyone else that existing laws and expectations no longer mattered.
> Horrendous crimes, yes there are
many out there, often commissioned by governments who will shamelessly throw outrageous lies at there citizens to transform them into cannon fodders and other atrocities.
Yes, this happened, is happening and will happen.
I wonder however if the word "often" may perhaps be misleading or even completely wrong.
If you pick one random victim of a horrendous crime today in a western society. Feel free to pick the minority most hated by that society. What is the likelihood that that crime was commissioned by the government? It's more likely domestic violence, trafficking etc done by fellow community members.
Sure there are examples of governments shooting civilian planes in the sky or ferries in the and covering up. And it's perfectly sensible to be outraged when that happens. But jumping to the conclusion that "the government" just does those things as a matter of routine doesn't sound right to me. I don't buy it. It smells conspiratorial thinking and requires extraordinary proof.
You can go ahead and encrypt messages yourself, without explicit E2E support on the platform. In fact, choosing your own secure channel for communicating the key would probably be more secure than anything in-band.
I doubt that will upset the public the way Signal and Telegram eventually will. Most people, including criminals, struggle with tech. If they want E2EE badly enough, and use one of the big messaging GUI apps they can succeed. If they can only do it via less user-friendly software, they'll need help or to do research, and likely will leave a trail behind them. That is more useful to law enforcement than if they simply had downloaded one of the most popular App Store apps. It's hard for a news story about a CLI utility to gain traction.
Historically speaking, a great deal more crime was impossible to combat in practice simply because no state could afford a police apparatus extensive enough to monitor everything. Coincidentally, this also extended to things like political dissent.
Now that automated mass surveillance actually makes it possible for the states to keep tabs on just about everything, E2EE, if anything, merely rebalances the scales (although even that is overselling it - in practice, with modern surveillance tools, the scales are still much more heavily tilted in favor of those surveilling).
To what extent people really want to embrace the panopticon is not so clear-cut. It is certainly something heavily pushed from above, and in many societies that does seem to be reflected in public opinion (e.g. UK) - but not in all, so I do not think it can be reasonably assumed to be the default.
It's better not the Kim Dotcom situation, that would mean Durov encouraged the illegal use of Telegram like Megaupload rewarded file uploads which generated heavy download traffic.
If that would be the case he would be at least a accomplice if not even the Initiator of criminal activities.
Otherwise it would be just an abuse of his service by criminals.
> Why are these service providers being punished for what their users do? Specifically, these service providers? Because Google, Discord, Reddit, etc. all contain some amount of CSAM (and other illegal content), yet I don't see Pichai, Citron, or Huffman getting indicted for anything.
WORSE, you get banned for reporting CSAM to Discord, and I guarantee if you report it to the proper authorities (FBI) they tell them to bug off and get a warrant. Can we please be consistent? If we're going to hold these companies liable for anything, let's be much more consistent. Worse yet, Discord doesnt even have End to End encryption, and the number of child abuse scandals on that platform are insane. People build up communities, where the admins (users, not Discord employees) have perceived power, users (children) want to partake in such things. Its essentially the Roblox issue all over again, devs taking advantage of easily impressionable minors.
Yep. At this point, it's clear to me that Discord is acting with malice. On top of banning people for reporting abuse on their platform, which is by itself insanity, they changed their report system [0] so it's longer possible to report servers/channel/users at all, only specific messages, with no way to report messages in bulk being provided.
They had a scandal where they allowed the furry equivalent of child porn, and quietly banned that type of porn from the platform later on. I assume due to legal requirements.
Edit:
I think the lack of bulk reporting is a pain too. They used to ask for more context. One time I reported a literal nazi admin (swastika posting, racial slurs, and what have you), but the post was "months old" and they told me essentially to "go screw myself" they basically asked why I was in the server.
> Why are these service providers being punished for what their users do?
There is a legal distinction here between what happens on your platform despite your best efforts (what you might call "incidental" use) vs what your platform is designed specifically to do or enable.
Megaupload is a perfect example. It was used to pirate movies. Everyone knew it. The founders knew it. You can't really argue it's incidental or unintended or simply that small amount that gets past moderation.
Telegram, the authorities will argue, fails to moderate CSAM and other illegal activity to the point that it enables it and profits from it, which is legally indistinguishable from specifically designing your platfrom for it.
Many tech people fall into a binary mode of thinking because that's how tech usually works. Either your code works or it doesn't. You see it when arguments about people pirating IP being traced to a customer. Tech people will argue "you can't prove it's me". While technically true, that's not the legal standard.
Legal standards relay on tests. In the ISP case, authorities will look at what was pirated, was it found on your hard drive, was the activity done when you were home or not and so on to establish a balance of probabilities. Is it more likely that all this evidence adds up to your guilt or that an increasingly unlikely set of circumstances explains it where you're innocent?
In the early days of Bitcoin I stayed away (to my detriment) because I coudl see the obvious use case of it being used for illegal stuff, whichh it is. The authorities don't currently care. Bitcoin however is the means that enables ransomware. When someone decides this is a national security issue, Bitcoin is in for a bad time.
Telegram had (for the French at least) risen to the point where they considered it a serious enough issue to warrant their attention and the full force of the government may be brought to bear on it.
> the warrant was issued because of his alleged failure to cooperate with the French authorities.
That would seem to be the key bit. Makes one wonder what level of cooperation is required to not be charged with a slew of the worst crimes imaginable. Is there a French law requiring that messaging providers give up encryption keys that he is known to be in violation of?
The difference is that this is not an isolated case on telegram(you said it yourself: "some amount", which implies "limited"). At the same time, you can literally open up the app and with 0 effort find everything they are accusing them of - drugs, terrorist organizations, public decapitations, you name it. They also provide the ability to search for people and groups around you, and I am literally seeing a channel where people are buying and selling groups "800 meters away" from me and another one for prostitution, which is also illegal in my country. Meanwhile, see their TOS[1]. They have not complied with any of the reports or requests from users (and governments by the looks of it) to crack down on them. While 1:1 chats are theoretically private and encrypted(full disclosure, I do not trust Telegram or any of the people behind it), telegram's security for public channels and groups is absolutely appalling and they are well aware of it - they just chose to look the other way and hope they'd get away with it. You could have given them the benefit of the doubt if those are isolated("some") instances, sure. But just as in the case of Kim Dot-I-support-genocide-com, those are not isolated cases and saying that they had no idea is an obvious lie.
2000/31/EC[2], states that providers are generally not liable for the content they host IF they do not have actual knowledge of illegal activity or content AND upon obtaining such knowledge, they take action and remove and disable access to that content(telegram has been ignoring those). Service providers have no general obligation to monitor but they need to provide notice and take down mechanisms. Assuming that their statement are correct, and they had no idea, they should be in the clear. Telegram provides a notice and take down mechanism. But saying that there are channels with +500k subscribers filled with people celebrating a 4 year old girl with a blown off leg in Ukraine and no one has reported it in 2 and a half years after it was created is indeed naive.
If I have to dig through third party clients in order to trust a system, then it's clearly a shit system. Signal > anything else, especially telegram, which can burn in hell for all I care.
I don't see the difference with Signal here. In both cases, the only reason why you know that they do E2EE properly is because you (or somebody else that you trust) has audited the client code and confirmed that it does indeed do E2EE.
Nor does it require a third party client. In fact, in this regard, Telegram official client is slightly better because they have reproducible builds for iOS, while Signal, last I checked, does not (they do have them for Android).
I’m not a fan of this arrest and I don’t believe service providers have a duty to contravene their security promises so as to monitor their users.
But it seems pretty obvious that governments find the monitoring that Google / Reddit / etc do acceptable, and do not find operation of unmonitorable services acceptable.
VPNs don't pose an obstacle to monitoring any specific activity, and as many VPN-using criminals have found, even their ability to stop law enforcement from identifying you is limited. So they've been less of an issue. Having said that, I would note that Mullavad was forced to remove port forwarding in response to law enforcement interest, and I don't think it would be too surprising (or too dystopian) if in the future "connection laundering" is a crime just like money laundering.
There are several jurisdictions in the world where the government has the power to force a provider to keep logs, and actively lie about it. We simply have no way to know if mullvad or any other logless provider is actually logless, because they can be legally forced to lie about it.
Aside, warrant canaries have never been actually tested in court and the common consensus is that they wouldn't fly in reality if they were ever contested.
Watch his interview with Tucker Carlson and you’ll see. He doesn’t acquiesce to government requests for moderation control, censorship, and sharing private user data so they target him. He refuses to implement backdoors as well. In stark contrast to western social media companies.
If you bothered to look, you would find that both of the examples given are open-source servers. You might then deduce that you misunderstood the comment to which you replied.
You cannot audit the system/service logs for those servers, neither can you audit the hardware running those servers, nor the internet providers who can snoop on the traffic et al... That's the argument behind "Open source server" in case it wasn't clear.
This might be where the misunderstanding is. This software is indeed server software that anyone can run, and the global network consists of servers run by many independent entities, in many cases with full control of the hardware. One of these entities can be you, and it is completely possible to run from home.
The integrity of your conversation with someone would then depend on both your endpoints, clients, and the respective server.
Just like email, but for chat. There is no single gatekeeper who is allowed to use the network.
No misunderstanding at all. The argument is very clear.
> global network consists of servers run by many independent entities
This is not the case for all the popular chat apps including Signal which uses centralized servers which they run themselves. They clearly see little benefit from this distributed independent server model.
And even that doesn't mean the server is open source.
As I explained earlier if you cannot audit the physical server you are connected to, claiming it's open source is useless. FYI that's literally how the term open source was used in this context!
> The integrity of your conversation with someone would then depend on both your endpoints, clients, and the respective server.
Client to client verification simply works and eliminates the need to also "verify" the server which if compromised introduces an even higher risk of contamination in the trust model (too many co-dependent functions are delegated to the server), not to mention collusion in establishing integrity of yet another device that we need to trust.
Not sure what part of my comment amused you so much.
An IM platform server can be open sourced. Just like any kind of software.
It's just a matter of publishing your code and, preferably making it possible to verify that the service your users are connecting to is build using the same published code.
How could you possibly verify what code they are running server-side?
Typically, the way it goes is that you implement e2ee such that even a fully compromised server cannot read the clients messages, publish the client's source code, and build it yourself or use reproducible builds. That ladt part is where you can criticize Signal. Whether they publish the server code is mostly irrelevant unless you want to run a separate messenger infrastructure.
> unless you want to run a separate messenger infrastructure.
Or if you S2S federate with the upstream server. Which is a core differentiator of XMPP and Matrix. Signal server(s) notably supported proper federation during their initial growth-phase but famously closed it off ("The ecosystem is moving").
Similar story as Google [Chat/Talk/Hangouts], which did federate over XMPP before they closed that down years ago.
Huh, I was going to point out that the Signal server isn't Free Software either, since for a while it wasn't being published, but it seems they have gotten back into publishing it.
while it's amazing for them to keep maintaining it, as the person mentioned down the thread, it's hard to know what they are actually running, right? and it's not a lot of work to patch this or clone/branch as necessary before deploying. Oh well, i already resigned that a part of my life will be run by someone else by now.
Publishing server code provides no assurance of anything (although it is still nice, for other reasons) since nobody can know if what they (for any "they") run in production is the same as the public source.
Open client code and documented protoccols are much more important. If you can compile your own client from open source code and it works fine, then you can know for sure what you're sending to the server.
When an authoritarian govt is calling for the release of someone who runs a "private" messenger, it suggests they have a back door. Otherwise they tend to oppose all private messaging.
No, there is no logical link between the two events. Russian govt can protest that for propaganda reasons: to make a point that Western governments are restricting freedom of speech.
They're hitting that Uno Reverse card. Tbf, the US does a LOT of the stuff that we openly criticize Russia and China for. Which, I would hope that people have enough insight to recognize that this is a bad thing across the board. The only people who get hurt and face consequences from this kind of a thing are the citizens.
This is a key perspective people fail to take into account. We've been conditioned by movies, books etc to think everyone fits into these black and white "good and bad" categories.
Most western countries do horrific things we do not find acceptable, but when we do find out we hand wave it away because they're the "good guys".
They don't tend to care until large enough quantities of people start listening despite whatever filters (i.e. de-ranking social media posts) and countermeasures (i.e. cable news assets) are put in place before it gets to that point. Then they very likely have the ability to label it as misinformation and find a legal reason to prosecute under a number of broad categories: https://www.thefederalcriminalattorneys.com/false-informatio...
It came very close to this during Covid, and maybe once or twice since then.
You're free to say what you want, and everyone is free to ignore you if what you say doesn't jive with "common sense".
No. What would be illogical is to assume that because Russia might be motivated to protest for the sake of propaganda, that it is not also, or instead, motivated by not wanting to lose access to a hypothetical backdoor.
I don't completely buy the fact that he was arrested because he didn't cooperate with authorities. World Police forces have an history of infiltrating criminal groups and gaining their trust; planting backdoors isn't the only way they can investigate people.
Also, this way they're yelling loud to these people "hurry! pick another platform!".
And then, he is also on Putin's wanted list; his arrest could one day turn him into a valuable bargaining chip.
Also now they have added “because people watch football matches illegally on Telegram”. So they are going to throw everything at kitchen sink at Durov, probably also national security issues because anti-French political groups use Telegram in Africa.
It is still not backdoor, sorry, you are completely mistaken.
They came - tried to come - in the front door openly (the expression of back door means completely different, just look it up and you will see) to catch criminals, doing well known and prominent criminal activity, but the Telegram decided to protect the criminals instead. You can try to smear in whatever imaginative reasons behind when the reason are in the front of your face, like it or not, it does not matter if you like it or not! Also how much people like the Telegram because 'it is soo user friendly and pretty', not in pair with serious crimes committed and aided there, completely not!
Also it is still the investigative phase but the suspicion is warranted completely.
I seriously do not understand low moral people shielding those helping criminals, do you really not knowing what are you doing, seriously, just because there is a - misleadingly presented - popular service there? Really? Very worrying the moral state of social media user masses.
Telegram publishes open-source clients that can run on open-source platforms. Signal does not offer any client that doesn't depend on proprietary code (either iOS or Google Play Services) and is aggressive about taking down third-party builds that remove that dependency. I'd say there's a lot more reason to assume Telegram is not wilfully backdoored than Signal (though I'd trust Wire or Matrix ahead of either of them).
We have no real way to check for backdoors in Signal either. Signal is not transparent about what code their servers are running, and you are not allowed to start your own server with a known version. They do not allow for independent distribution of reproducible builds on F-droid, or any other application store that does not identify you. They will take steps to lock out any independent implementations of the client from their servers. That the code for their client is released is good, but not good enough.
Which government? There has been a lot of mysterious deanons of protesters in Belarus in 2020. You know, the kind of deanon where armed people break down you door and you're going to be beaten and tortured for several days in the very least.
In practice it is very easy to deanon using social engineering.
It is enough to open a shared link to expose your IP. A lot of people would click something like "Belorussian protestors got deanonized" or "10 ways to keep you safe" in a group chat. Just get it a catchy title. And this link is specially crafted to lead to the exposer server.
Who would watch an interview being held by a crazy person and take it at face value? Anyone with half a brain would avoid watching or listening to Tucker Carlson like the plague.
I strongly suspect there's more to it than just running a chat system used by criminals. If that were the issue then tons of services would be under indictment.
We'll have to wait and see, but I suspect some kind of more direct participation or explicit provable look-the-other-way at CSAM etc.
It seems there has been a misunderstanding; laws for service providers never exempted them from having to cooperate and provide data available to them when ordered.
Let’s just say I encrypt illegal.content prior to uploading it to Platform A. And share the public key separately via Platform B. Maybe even refer Platform A users to a private forum on Platform B to obtain the keys. Are both platforms now on the wrong side of the law?
Aware of what? Government says a file is illegal? Sounds like a censorship regime to me.
Not if the key is provided to the platform operators to confirm the contents. Otherwise yes anyone could claim any encrypted file contains illicit material and people would game that system.
For what it's worth the key may not need to be manually shared to the provider as referrers often leak where people learned about the file and that source location may also contain the key or password. All it takes is one person using a web interface or addon that leaks such information. Some addons break the referrer-policy header and many website operators don't even set the header [1] in the first place. Example header testing [2]. Please test the sites you visit and kindly ask the website operators to address any missing headers.
# nginx example
referrer-policy "strict-origin" always;
Often is the case but I would still suggest setting the referrer policy should the file be enticing enough for people to register an account assuming forum ranks and further actions are not part of the picture.
This is a big problem. Why are we talking about "cooperation"? What does it mean? A judge doesn't ask you to cooperate, he seizes your servers. Ah, it's not a court. It's the police? The state? It's not a free country, sir.
In principle, the police can tell if a song infringes copyright, or if a message spreads hate (I'm trying to sound American here). Or if a picture is really a "cheese pizza" or just a strange artistic depiction of youth. Not because the police don't know about music or TC/IP, or don't care about art or reading. Everyone knows they care. But because it is a legal problem.
In my country, let's call it a republic, at least it was a long time ago, even the state can own all your bases because you don't pay taxes, the police can only arrest you for six hours while they call the prosecutor to check that the 200 grams of white powder is what it is. They knew. They had already stolen the rest. If the forensics aren't quite sure what you're bringing them, it's the stuff that makes the stuff what the stuff is, you're free to go.
The prosecutor can make a case and send the 100 grams of white powder the same day, claiming that the stuff is the same stuff that other similar stuff is made of. He expresses his strong conviction. The judge then sends an arrest warrant to the police. You've been arrested, you have no money, the judge imposes some restrictions on you: you can't leave the country, you can't contact certain people, you have to go to court every week to sign a book. The investigation is open.
You have access to all the documents. Nothing happens without your approval and control.
This is how it works if SIA (yes, the singer) is not involved. If it is, you will be dead for a week and no one will ever find your body.
Because these countries are hypocrites. Because politics, because these guys are from Russia, China. You can so obviously see there's discrimination against companies from those countries. Can you imagine France do this if it's a US company?
Rhetorical question: for what reason should a country be anything other than a hypocrite when it comes to situations such as this? Nations prioritize their own self-interests and that of their allies, even if that makes them appear hypocritical from an outside, or indeed, even an inside perspective. But that doesn't mean there's no legitimacy to what they do.
That's why startups need to get Silicon Valley VC investment so that the VCs can lobby Washington on their behalf with <del>protection money</del> political donations and avoid this crap.
> Why are these service providers being punished for what their users do?
I think this is simplified. Certainly yes, if "all" Telegram was doing was operating a neutral/unmoderated anonymized chat service, then it's hard to see criminal culpability for the reasons you list.
But as people are pointing out, that doesn't seem to be technically correct. Telegram isn't completely anonymous, does have access to important customer data, and is widely suspected of complying with third party requests for that data for law enforcement and regulatory reasons.
So... IF they are doing that, and they're doing it in a non-neutral/non-anonymized way, then they're very plausibly subject to prosectution. Say, if you get a report of terrorist activity and provide data on the terrorists, then a month later get notified that your service is being used to distribute CSAM, and you refuse to cooperate, then it's not that far a reach to label you an accessory to the crime.
I'm not sure where this myth originated—perhaps from Kim Dotcom's Twitter account? I clearly remember the Megaupload case. They knew they were hosting pirated content, didn't delete it after requests[1], and shared money with the people who uploaded it because that was their business model.
>> Why are these service providers being punished for what their users do?
Are we 100% certain that this is only about Telegram? I want to see the allegations, not the vague charges, before pontificating about ISP liability. These charges might be more straightforwards.
Dotcom is being prosecuted for knowingly and deliberately directing and encouraging the unlawful behavior of his users, and it's a criminal prosecution rather than a civil case because he's accused of building a (lucrative) business off the effort. You don't have to agree with the case or believe the DOJ has made it adequately (it's early to say, given the extradition drama), but it's not reasonable to say that Dotcom is being prosecuted "for what his users did", any more than it would be reasonable to say that a mafia kingpin was being prosecuted for what their street crews did at their behest.
(I have no idea what's going on with Durov, or how French and/or EU law works, except to say that legal analysis on HN tends sharply towards US norms, and people should remember that a lot of basic US legal norms, like the rules of evidence and against self-incrimination, do not generally apply in Europe.)
We've banned this account for breaking the site guidelines and ignoring our requests to stop.
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.
Kim Dotcom is still harassed because he is very vocal against the US and what is happening in Ukraine. https://x.com/KimDotcom
The US narrative on Ukraine and Israel is getting weaker. Thorns like Kim Dotcom that has a big following, Telegram that is the only social platform to access the Russian side of the events, can break the US narrative.
It is ironic that the US screams Russia did a war crime in Bucha but Israel on Gaza is fine.
True. Best source to get info from the war are on Telegram. Both Ukrainian and Russian ones. Some channels have millions of users and provide daily map updates, information about enemy positions and even information about locations where equipement is stored in EU countries.
At least Kim Dotcom earings and the main utility of the service was indeed based on pirated content. Telegram is huge news/chat/etc app, where the things the mention as "enabling" as totally marginal and coincidental, more like arresting a property owner that owns half of the city because some people sold drugs in a few of the apartments.
I think the real difference is the intent. If your platform makes it extremely easy to do illegal things, and you choose not to put in the controls to stop it, and then I think it is fair that government should stop.
Because some things like terrorism and child sex abuse are harms to society as a whole, and even private individuals have an obligation to help combat them. Durov has a service where by design it's hard to filter out that kind of activity, and he's effectively (if not explicitly) helping protect that activity.
No because HP printers *do* print tracking marks to allow law enforcement to match a printout to a printer if they find abuse material that's been printed.
I find it amazing that this is used as an example of a good thing.
A few decades ago, one of the factoids about USSR was that they required all typewriters to be registered with the state, with a sample page produced for every unit manufactured so that the state could track their use (this last bit is unlikely to be true, but was widely believed). That was supposed to be a case in point on why free societies are better, not an example to follow.
I was pointing out that the GP's strawman was really immaterial because HP don't get sued/arrested because they comply with law enforcement (at the expense of user privacy).
Since I know better than to use a printer in the commission of a crime, it doesn't really affect me, but I'm aware that the majority of users consider it a privacy violation.
If you think one person printing out CSAM on a printer one page at a time is the same as running a service that facilitates tens of thousands of people to trade CSAM, there's nothing I can say to explain it to you.
> So is France going to arrest the owners of HP, because their printers can't filter out CSAM?
A more comparable example, is France going to arrest someone who maintains a printer in an office and knows an employee is printing CSAM but doing nothing about it?
I hope they would, this is the boat Telegram is in.
kim dotcom ran basically a pirated game/book/music/movie site. Telegram (what I have seen) is mostly hacking leaks although rumored to have CSAM (to those not familiar with the acronym, it means cheese pizza).
Of course you can find both somewhere in the walled planetary garden of googlotron in facebooks sure. But they clamp down on it hard as they can. They clamp down on anything marginally offensive much less illegal. Have you tried the facebook "report post" interface? there are 3,000 various types of offensiveness you may report. That's their bar, their standard, that's 1,000 miles away from definitely illegal content. If their censorship apparatik is so bold as to be wiping out vast swaths of totally valid free speech, anything illegal has no chance.
If the question is "what's a great place to go for piracy" - megaupload, pirate bay, etc, then any common answer to that question is a target... "where to I go for data breaches" - breachforums, telegram, etc. Don't get worked up, all those places were destroyed by the feds and no longer exist.
Google, Discord, and Reddit all take swift and decisive action against CSAM. I have never organically encountered CSAM on Google, and have only encountered it on Discord and Reddit because of deliberate bad actors. Outside of Reddit's early mistakes with /r/jailbait, none of these services end up being preferred by pedophile communities, because they can expect to be shut down quickly if they rally there.
Telegram has become a hotspot for CSAM to the point that it is pretty much inevitable that you're going to encounter someone peddling it just by browsing other channels.
Whoa, it's absurd if true... I fail to see how being responsible for not cooperating with authorities can be turned into being accused of these crimes. And I don't care for the legal gymnastics which makes this possible - the law exists to serve the public interest and is of no inherent value.
In every country I know of, the freedom to not be responsible for what your user's do on a platform includes certain requirements. Removing illegal content is the very least a platform must do.
Every country has their own definition of "illegal" content, but things like CSAM are illegal everywhere, and that's one area where Telegram never really bothered to take action.
The arrest warrant has been out for a while, so I doubt Durov got himself arrested by accident. He probably has a plan, or at least good lawyers.
So if I own and operate a hardware store (or any other storefront) and do nothing about people who are clearly using it to deal fentanyl, I'm absolved of all wrong doing?
The Silk Road was designed and marketed explicitly towards criminals to facilitate crime and AFAIK had practically no other uses. So, it's not a reasonable comparison.
Why do I bring that line of reasoning up? Because an actually exhaustive traversal of 2nd-6th order effects renders everyone complicit in something, especially in the presence of things criminalizing not looking for things.
You should never count yourself out of being a complicit party for something, and realize that if you're going to impose a penalty on a group you consider a "them"; it is likely only a matter of time invested enumerating your effects in the world to make evident something they did has been enabled by you. Even if only by you not making the choice to do something about them.
Bad things will happen. We can't prevent them all. And trying to zero any class of bad thing has so many onock on effects, that even the most trivial sounding solutions need be met with strictest scritiny to figure out what they will break.
Not true. That charge was dropped. He was convicted of numerous other charges related to running Silk Road: Engaging in a continuing criminal enterprise, distributing narcotics, distributing narcotics by means of the Internet, conspiring to distribute narcotics, etc.
> Pavel Durov, Telegram founder, arrested by France following warrant - The Jerusalem Post
> The alleged offenses include: terrorism, narcotic supply, fraud, money laundering and receiving stolen goods.
For those unaware, all channel on telegram are NOT ENCRYPTED. They are stored in plaintext on telegram servers. All chats that are not 'secret chat' mode (single device to single device) are NOT ENCRYPTED (stored in plaintext on server).
This is not about encryption, it is about the plaintext data and the organized crime happening in these channels.
Signal group chats ARE ENCRYPTED by default. It is actually not possible to send an unencrypted message on signal. This will not pivot into an E2E issue, and will not affect signal which has set itself up to not store unencrypted content on it's servers.
EDIT: Also possibly this may be a factor in the decision to arrest:
> finance.yahoo.com
> • 2 weeks ago
> Telegram adds new ways for creators to earn money on its platform
> Today's announcement comes as Telegram reached 950 million active users last month, and aims to cross the 1 billion mark this year. Earlier this year, Telegram founder Pavel Durov said the company expects to hit profitability next year and is considering going public.
This is effectively plaintext, in that one entity has all of those secrets for everyone. That's one entity to subpoena.
If that entity doesn't comply, governments will get upset and charge your executives with crimes if they get the chance.
Different jurisdictions makes it harder to kick down the doors and get the keys, but it doesn't change the fundamental problem.
"Nuh-uh, I put all those records in a box in Switzerland, you can't have them" does not work well for US citizens, unless the government fails to even notice the box.
Data that is transmitted or stored along with the keys is effectively plaintext, which Telegram does. The data is effectively plaintext on my device, at Telegram, and on the group members' devices, even if it is not plaintext in-between.
Data I send to a website over TLS is effectively plaintext on my computer and on the other side; in transit, it is not.
It all comes down to your threat model. Encryption does not protect information from entities who hold the keys to decrypt that information.
> It's not. They use a split-key encryption system so it's not exactly the same as storing the keys where the data is.
Yes, again, it all comes down to your threat model. No one can kick down the door and get to the keys.
But Telegram can get to all the keys, and thus can be legally expected to. The data is effectively plaintext to Telegram.
> Is MTProto 2.0 Cloud Encryption plaintext? No.
Just to note: "effectively plaintext" has been in use for a couple of decades as a term of art. We don't say it's plaintext, because it's not. It means there's effectively no security properties lent by the encryption.
For example, my web browser encrypts a few passwords for me and stores them on disk, but doesn't need a cryptographic secret from me to decrypt them; they're effectively plaintext, because no one has to break any encryption to read them.
Indeed, here's a thread on HN from 2013, where Durov is participating, where people are using "effectively plaintext" in exactly this way to describe exactly what we're talking about: https://news.ycombinator.com/item?id=6937097
Yeah, I don't doubt that it can be improved. I hope it does because Telegram is not a fringe messenger anymore. There can be improvements made to the infrastructure, so that they don't keep facing these issues again and again.
There was no discussion of whether it can be improved. I was just telling you that it meets the established understanding of the term "effectively plaintext," which you were seeming to disagree with.
Yeah, I would still disagree because everything is effectively plaintext in the end. The only difference is how you derive the key. There are levels of encryption, that is true but I think calling an actual encryption as 'effectively plaintext' is wrong.
Telegram CEO has access to all keys and therefore all chats. Matrix foundation has no such access. These two examples should explain the difference between "effectively plaintext" and e2ee. The main difference is not how someone derives the key. It's who can do it.
Browsers should be interacting with the OS to require something (like your system password, Touch ID, etc.) to have unlocked the vault before being allowed to auto complete.
No, end-to-end encrypted systems are not effectively plaintext. That's a distinction anyone familiar with cryptography is well aware of, but Telegram has been gaslighting their user/fanbase and many journalists about it for years.
Signal does not have access to the keys for the text. The government can not decrypt your signal chats no matter how much the company might want them to.
This is such an ignorant comment I am really disappointed at reading this here.
Besides the protocol used by Telegram being publicly available so you can easily confirm in 5 minutes that what you're saying is completely wrong, but you're also saying that law enforcement can totally see all those plain text messages hosted by Telegram, yet they choose to be really upset about it anyway despite it being, according to you, the best possible honeypot ever created with all criminal activity readily available for their peruse. Why, I ask you, would law enforcement want to stop such an app??? They would be completely silent about it and enjoy catching all criminals in it who are "ignorantly" thinking their messages are safe, wouldn't they??
Given the amount of baseless comments like yours on this topic, I can only imagine there's a concerted effort here to misinform everyone to make Telegram look bad so actual criminals move away from it to some more law enforcement-friendly platform. I have conflicting feelings about that, as perhaps the intention is noble, but I can never agree with misleading people by spreading misinformation and plain lies.
Yes, the data is encrypted in transit. But Telegram can decrypt the data.
We can see that's true, because when I add a new device I can get into all my group chats.
Only if I explicitly "Start secret chat" does something else happen.
Telegram is sitting on a lot of group chats where a lot of horrible things are happening that governments want to see... and gets upset when Telegram doesn't use this access to share that information in response to lawful orders.
> I can only imagine there's a concerted effort here to misinform everyone
Assume good faith-- it's in the guidelines. I have been here just as long as you. I am not part of some shadowy conspiracy to make people think that Telegram security is bad.
I feel like people just don't understand the term of art "effectively plaintext".
Alternatively, if you thought I was talking about secret chats in general-- note that we are in a subthread talking explicitly about channels and non-secret chats:
"For those unaware, all channel on telegram are NOT ENCRYPTED. They are stored in plaintext on telegram servers. All chats that are not 'secret chat' mode (single device to single device) are NOT ENCRYPTED (stored in plaintext on server)."
Law enforcement totally could see all those plaintext messages, if Telegram would honor their requests. But they don't, hence their CEO is being detained.
That's a position he knowingly and willingly maneuvered himself into. Compare that with e.g. the way Signal answers subpoenas: https://signal.org/bigbrother/
> Besides the protocol used by Telegram being publicly available so you can easily confirm in 5 minutes that what you're saying is completely wrong
There's absolutely no need to analyzse the protocol, since you can just perform a high-level mud puddle test [1], and Telegram fails it. I've tried this myself.
It could be worth a try to extract the keys of one server with a liquid nitrogen can and a cold boot attack. Or something more advanced that isn’t documented on Wikipedia.
RAM can be XOR'd with little latency with hardware acceleration with a key in a slightly - separated secure enclave that will degrade if upset too rapidly, similar to a virtual da Vinci cryptex.
radio/bluetooth/em/sensitive/proximity warning switches to unmount virtualized volumes all in a quasi-state-sanctioned-"contact center" in middle Ukraine.
They are trying their best to prevent the inevitable; the ungovernable, untaxable, uncensorable, un-surveillable commerce and communication platform that will eventually arise from the amalgamation of human's pesky technology and its crossroads with the human condition.
The hate for all things labeled "crypto" (convenient poising the well/doublespeak) was a (partially) government sigh op astro-fabri-exagerated to sway public opinion against anything "crypto" so that an ungovernable, decentralized, general trust-less computation protocol/escrow/rep using zkp+ and hormophic encryption was not able to be realized before the alfabit bois got a chance to mole into the development pipeline and backdoor the inevitable Merchanti Ultimatum; anything less would be a massive national security threat globally.
> It stores it encrypted with encryption keys split across the globe.
The physical storage location is completely irrelevant. What matters is access, and they have that.
Telegram has full operational control over these keys, as demonstrated by the fact that anyone that can perform SMS verification is able to access past messages on an account, and SMS-OTP can in principle not involve any cryptographic operation, as there is absolutely no user input.
> Not perfect, but multiple legal jurisdictions would have to be subpoenad for Telegram to read your non-secret chats.
Thats not how legal works.
for example if I am an EU based judge and I issue a warrant for getting data from a company in a case related to something important (your values may vary, but lets say its not about parking fines) then if your company wants to continue to operate in the EU, you need to pony up the data, or tell them why your can't comply, rather than won't
Having your data stored with keys that you control isn't an excuse.
> They are stored in plaintext on telegram servers
FYI, this is a totally misleading and false claim.
Telegram uses the MTProto 2.0 Cloud algorithm for non-secret chats[1][2].
In fact, it uses a split-key encryption system and the servers are all stored in multiple jurisdictions. So even Telegram employees can't decrypt the chats, because you'd need to compromise all the servers at the same time.
Telegram's algorithm has been independently audited multiple times. Compared to other apps like WhatsApp with claims of E2EE and no body of verification and validation.[3]
> So even Telegram employees can't decrypt the chats
I very much doubt that. If Durov wanted to, they could decrypt all of those messages.
That fancy encryption system is worthless when someone can hijack the session of any of the users in a chosen group. This is a risk in many crypto messengers, but those usually come with optional key verification whereas Telegram doesn't have that outside of encrypted one-on-one chats.
Because of the nature of the encryption, it allows more convenience compared to WhatsApp and Signal. For example, on Telegram you can (and we do) have a million people in a group without exposing their phone numbers. This has proven itself to be extremely useful to protestors. Signal failed massively, you couldn't add too many people and you always had the risk of exposing the phone numbers.
Along with that, you can use Telegram on as many devices as you want. The chats instantly appear after login. WhatsApp and Signal both are lacking here.
So there are always tradeoffs when it comes to encryption and convenience.
Telegram's focus has been on the convenience side and providing assurance using a clean record of protecting user-data from governments, which is why Telegram was created in the first place.
Can the encryption be improved? Of course yes! I'd love to! but I think much of the criticism by the WhatsApp loving crowd is not only disingenuous, but also harmful.
I agree, that is very convenient.
Also for the secret police officer..
I use telegram as social media, but I really would not use it to organize protest somewhere. Then the whole safety depends on whether Durov made a deal with the secret police, or them infiltrating the servers to know everything about anyone involved. What they liked at what time, what pictures they shared, etc.
That’s my concern as well, maybe none of the devs have the capability, but if -anyone- does it’s Durov, so why not just grab him under false pretenses and throw the book at him, trying to scare him into compliance with anything they want or face the rest of his life in the worse French prison they can find for him.
This is likely why the grabbed Durov, he has the keys to the kingdom. Telegram is a remarkably small company and not a 800lb gorilla and it would be very easy for him to provide whatever they need if he folds.
> Compared to other apps like WhatsApp with claims of E2EE and no body of verification and validation.
We do have at least some empirical evidence that WhatsApp is properly encrypted. WhatsApp's cryptography has made judges in my country foam at the mouth with rage so hard they ordered retaliatory nation wide blocks of the service at least twice.
People are right to distrust Meta but I for one am glad that everyone I know is using WhatsApp. I also have Signal and Matrix but a grand total of zero people message me through those.
> We do have at least some empirical evidence that WhatsApp is properly encrypted
so do we. Telegram's MTProto 2.0 has been audited multiple times by independent researchers, compared to WhatsApp's closed-source claims of E2EE.
I'd rather trust a company with a proven track record of no security incidents and fight for user privacy than a corporation which lies through its teeth time and again.
What is stopping Telegram from signing in as you and reading all of your past messages by changing how the authentication logic is handled for specific targeted users? Not saying they have done this, but they obviously could.
We can agree on the statement "Telegram does not cooperate with law enforcement authorities".
This is however something completely different from and largely orthogonal to "Telegram does not have access to their users' message contents".
The fact that they are consistently claiming the former and the latter makes them seem extremely untrustworthy to me.
Gaining my trust requires truthfulness and transparencies about the capabilities and limits of a service provider's technology (but of course is in no way sufficient).
Unless I’m missing something, your mproto link only covers transport level encryption not storage.
It doesn’t include E2E encryption in the scheme only client to server.
Whether the server stores it as plaintext or not, is moot to the point of having telegram itself be able to see the chats because they hold the encryption keys of the server and therefore can be made to comply with legal requests.
The person you replied to may be incorrect on the aspect of plain text but imho they’re right that it’s not really relevant in this context.
Encrypted storage would be relevant for the case where a server is compromised by a hacker.
I can't open the telegram.com links, blocked at work :/
But the Arxiv paper says:
"We stress that peer clients never communicate directly: messages always go through a server, where they are stored to permit later retrieval by the recipient. Cloud chat messages are kept in clear text, while secret chat messages are encrypted with the peers’ session key, which should be unknown to the server."
So it doesn't appear to be encrypted-at-rest, but without reading the telegram documentation I can't verify that.
This rebuttalakes no sense to me. What you cite is about about transport encryption. App -> Server. The end of the process is that the receiver (Telegram servers) receives a decrypted (plaintext) message, just as kelsey98765431 is saying.
> FYI, this is a totally misleading and false claim.
No, you seem to have have in fact fallen for Telegram's continuous intentional misinformation.
The only thing that matters for whether we can call something "encrypted" or "plaintext" (or more precisely, "end-to-end encrypted" vs. "storage encrypted at rest" or "encrypted in transit" etc.) is whether they, the service providers, can access it themselves.
Would you argue they can't? And if so, how come can I log in to my Telegram account using only SMS verification and access my old messages?
Yeah. I have no idea how Telegram got this reputation for privacy.
I'd like to point out WhatsApp chats are also end-to-end encrypted, just like in Signal. People aren't wrong to distrust Meta but I'd like to point out that WhatsApp encryption often makes judges here seethe to the point they order nation wide blocks of WhatsApp out of spite. The fact everyone I know uses something this secure makes me very happy. It's not perfect but since network effects makes alternatives unusable I'll take what I can get.
See my comment above about the unencrypted backup.
It's basically a UX tradeoff:
You can not promote default E2E + no autobackups -- people in mass are not ready to lose their data when losing the device. Nor they are ready to store the key separately in a confidential manner. Nor they are ready to manually transfer the key among different devices.
All this UX situation is defined by Moxie (the author of Signal and Whatsapp encryption) in his blog post about PGP/WoT concept meeting the reality https://moxie.org/2015/02/24/gpg-and-me.html
So in fact as the average user you have either:
1) E2E + unenctypted autobackup (Whatsapp)
or
2) no e2e by default and separate e2e secret chats (Telegram) that are available only on a specific device.
In the first scenario all your chats inclusing the most sensitive are available by the law enforcement by issuing a warrant to your file storage provider.
In the second scenario you potentially can spill some sensitive information in default non-encrypted chats.
What is worse? I don't know. But I use both Telegram and Whatsapp with backups turned off. So I'm losing all the Whatsapp chat history when using a new device while losing only secret chats In Telegram (not a problem for me since I delete them often manually or set a self-destruct timer anyway)
Backups are encrypted now. Looks like they improved it.
I get it. I'm a privacy and free and open source software enthusiast. It's not perfect. It certainly is better than alternatives though. We know for a fact that it pisses off judges and authorities. That's a major sign that its working. You should be concerned when they stop complaining about it, it means they got in.
Judges and authorities complaining is not a proof that encryption is good. Not cooperating with court will have the same effect, which is exactly what Durov is allegedly accused of.
And non E2E chats by default is an intentional design desision.
Pavel previously gave comments about these tradeoffs:
In some sense it is better design than Whatsapp's e2e by default BUT 99%+ users have an automated backup to an un-e2encrypted storage such as Google Drive.
Anyway, while it's possible to activate a Telegram account without a physical phone (using some temporary number services) or using an (relatively) anonymous SIM card 99% of users use it via Android or iOS and that's means there is no need to grab data from Telegram, USA gov. as well as Apple or Alphabet could simply milk them from their OSes, virtual keyboards and so on.
It's really cloying how many do focus on the service instead of weighting the ecosystem...
It's Kit Klarenberg of Grayzone. If he claims X, you should believe the opposite with much better than even odds. It could have been a hint to you when the news source of your choice attributes everything in the world to the CIA.
other countries do this and wonder why they aren't centers of technical innovation. why would anyone working on a privacy-centric tool, after seeing this, base themselves in .fr?
“ French authorities believe that Telegram, under Durov’s leadership, became a major platform for organised crime due to its encrypted messaging services, which allegedly facilitated illegal activities. ” One could replace Telegram with any other products and find abuse by users of the products to concoct a reason to arrest anyone. This is what an authoritarian regime would do. It’s shocking to see it becomes part of the playbook of the French government.
I don't know anything about this guy or the basis of these charges but if he is only "guilty" of operating a messaging platform with the option of end-to-end encryption, thus can't let law enforcement tap into private communications when customer's enable that option, how can he be held responsible for the criminal actions of those customers when he isn't even aware of the actions and physically cannot tap into them himself?
This seems like some heavy-handed government coercion.
So let's say I open up a night club. I have to abide the laws and regulations, and make sure things like the following: Minors aren't getting in or being served alcohol, that people aren't selling drugs there, that prostitutes aren't doing business there.
If undercover agents come by, and discover that minors are purchasing alcohol - the business will get fined, and likely banned from selling alcohol for some time.
If I, the owner, continue to ignore authorities and flat out refuse to cooperate, and there are new busts - I would expect to face charges. The joint would likely get shut down, and I could be liable. If things are severe enough, I'll likely be investigated for running a criminal enterprise there.
Obviously there are differences in how things are regulated in the different countries - but in countries where the CEO assumes total responsibility, and the buck stops there - it would make sense that the CEO will get charged with those sort of things, if the company has not done enough to cooperate or moderate their product and users.
Lets say I open up a grocery store. Criminals start buying their food and bookkeeping supplies there. The police discover this. Should I be held liable for fueling and enabling these criminals?
the crux of the problem here is that the french police asked for their purchase history, and you said "sorry, i already gave them to the Russian fsb" ;)
Rights don't give you super power to ignore laws. He failed to follow judicial orders. If he doesn't want to follow French justice orders, then leave France for good.
I'm generally very pro EU, but this anti-encryption stuff they try to pull these last couple of years needs to stop. If it's proven that Pavel Durov is facilitating bad actors with purpose, that's a different story, but creating a secure messaging platform by itself should not constitute a crime.
Telegram is not a secure messaging platform. By default Telegram is not encrypted at all. Only "secret chats" in Telegram are encrypted. Telegram groups are not - and those can be made public and basically are just Telegram hosting content on their servers for you.
That's a popular lie, Telegram uses the MTProto 2.0 Cloud algorithm for non-secret chats, which is audited and verified by multiple independent parties. For example WhatsApp claims it uses EE2E encrypted chats, how ever these claims are unverified and not audited. Also their chief executives are not in jail, coincidentally.
You can consult these links if you want to read more about it:
This is a Ukraine channel. You can preview it in a web browser. If Telegram can enable that functionality, then it means they have the complete capability to serve the content of the channel. Same story if they can scroll back an existing channel to new users.
Channels were meant to be public. No-one ever claimed encryption for channels since it is nonsense.
You claim that only secret chats are encrypted in telegram, which is straight not true. You can pull up a link to public channel and everyone can preview the posts, that's obvious. You cannot do the same trick with group chats because they are private and encrypted using MTProto
MTProto is pretty much transport layer encryption. After the MTProto decryption occurs, Telegram servers still ultimately receive your unencrypted message encoded as a https://core.telegram.org/method/messages.sendMessage to send it to the recipient and to store it. How do you think it is possible that you can sign in on a new device and get all of your old messages? There's a reason Signal can't do that.
MTProto is not pretty much transport layer encryption, Telegram servers receive messages encrypted with an auth_key which is created during registration directly on the device and never exchanged via network. When you sign in on a new device, you have to communicate the keys with your other devices, and there is also a second-factor user defined recovery password in place, which is not stored or known to the telegram servers. If you loose your permament session you may be locked out of your account and data forever. Everything is documented at the links, audited and verified, and everything is possible - you can just read how it works.
There is so much oddness surrounding this.. First, I don't really see how you can prosecute ideas, because as much as authorities will try and narrowly-define this case as being about moderation (of a platform), and cooperation with authorities, ultimately this is really an attempt to prosecute the idea/concept of publicly available 'e2e' encrypted communications. Second though... How does that list of charges only amount to a maximum of 20 years ? lol
In the meantime French government is promoting Olvid that claims “Your exchanges leave no digital trace. No one will ever know who you’ve discussed with.” How does it make any sense?
Telegram has always been just one slip away from this kind of stuffs because it's a centralized service. Depending on how laws are read, it could be seen as complicit in various crimes, and it's politicians who decide how to read those laws, not tech people. It might be the end of those good days where things were so simple and easy.
A lot of really terrible takes in this comment section. Telegram didn't have encrypted groups by default, and telegram possessed a lot of content on their servers that they had been made aware was illegal and didn't cooperate. Nothing more, nothing less.
The comparisons to other providers is off base because either other providers are cooperating more when they possess actionable, unencrypted information and taking steps to detect or prevent such recurrences or they are like Signal and do not have access to the underlying material in the first place or store it for very long anyway.
One cannot legally run a hosted, unmoderated content platform in the developed world, one will always be required to remove illegal materials and turn over materials in cooperation with law enforcement.
A lot more and a lot less than that. Arresting this CEO in France is largely a political decision, not a politically neutral enforcement action against the Telegram platform.
They don’t perform the same enforcement against other entities they could go after.
How is it not just a neutral enforcement action against the Telegram platform? The Telegram platform knowingly hosts illegal content in unencrypted format and does little to moderate that, which is illegal in many countries. The CEO is accountable for how the company operates and what happens on the platform.
If Telegram breaks the law - which it does - it’s completely logical that the CEO is held accountable for that and is arrested
Telegram always elicits bizarre reactions from the public. On one side there’s actual security professionals saying don’t use Telegram because it’s not fully E2E encrypted, and on the other side there’s people who are convinced that it’s secure because Marketing and that there’s this big conspiracy to stop people from using Telegram.
The real conspiracy theory is: Telegram have never made any attempt to either implement full E2E or to dissuade their users for using it for politically sensitive messages. Why not?
> The real conspiracy theory is: Telegram have never made any attempt to either implement full E2E or to dissuade their users for using it for politically sensitive messages. Why not?
Could be something nefarious or could be because not doing things is easier than doing things. Why bother if the existing conditions are just fine (for Telegram)?
I sincerely doubt that Telegram makes most of it's money by being this kind of host. I don't generally give the government the benefit of the doubt when it comes to _communication_ platforms. I also see zero evidence that Telegram's existence or policies help promote or create crime in any way.
It's not conspiratorial to refuse to show deference to the government which currently only has vague accusations to justify jailing a CEO. If the French government was so concerned about the criminal aspect then they should just order Telegram to not operate in France or they should work to block it at a national level.
The problem, the reaction, and the solution are not at all aligned here. Why anyone would jump in to defend the government's actions is absolutely beyond me.
> "which currently only has vague accusations to justify jailing a CEO"
If they are charging him and intend to convict, they have specific accusations, unless the French legal system is much different than the rest of the western world.
> "If the French government was so concerned about the criminal aspect then they should just order Telegram to not operate in France or they should work to block it at a national level."
Many governments with anti-CSAM laws exercise universal jurisdiction in those statues (i.e. they will to prosecute anyone for those crimes regardless of where they were committed and regardless if the person in question is a citizen), that being said it isn't entirely relevant here since the defendant is a French citizen. I would fully expect a government with CSAM accusations to prosecute those involved in facilitating such not just "block" them.
It's worth noting that the person in question was just arrested, so the trial hasn't happened yet, and yes the government could be full of shit, that would presumably come out at trial as dropped charges or an acquittal.
Precisely. So the constant need for people to gatekeep in here and chastise other people for having a negative view of the French government's actions is, to me, absurd.
> and yes the government could be full of shit
Yes. That's the assertion based upon the balance of history and probability and the complete disconnect between these actions and actual law enforcement outcomes.
> that would presumably come out at trial as dropped charges or an acquittal.
That doesn't mean we can't have a discussion about it.
> I sincerely doubt that Telegram makes most of it's money by being this kind of host.
One thing I did find suspicious about Telegram was that accounts that are restricted for "spam" can create a new account and pay for a premium license to remove the restrictions on the new account. Seemed like a racket to me.
> One cannot legally run a hosted, unmoderated content platform in the developed world, one will always be required to remove illegal materials and turn over materials in cooperation with law enforcement.
Just would like to clarify, Telegram does take down channels/bots in some cases including copyright infringement. The only bots I’ve dealt with were music downloaders so I don’t know much about other kinds of takedowns, but it’s wrong to say that telegram doesn’t/didn’t take down material. Perhaps not enough or frequently enough, and I certainly don’t condone immoral activities- but they do do it sometimes.
They do it whenever the risk of Apple or Google kicking them out of their respective app stores becomes too great. That's presumably the only entities they take content moderation input from.
ultimately this fight against unmonitored messaging is going to be a lost one for the developed world. people who want encrypted group chats will get them
As I hinted at earlier Signal does not have this issue because generally they are not aware of the underlying content. Even if Signal becomes aware of said content, it likely isn't hosted on their servers anymore as their store and forward system is highly transient. The most signal could do is be compelled to block specific users and maybe shutdown certain groups (not sure on that last one, would have to review the group architecture)
Precisely my point - moderated messaging in the modern era will ultimately be unenforceable.
Which is why I don’t see why certain services should be legally penalized just because they don’t happen to be E2E encrypted. Like if Telegram was instead e2e encrypted, why should that be legal if what they were previously doing wasn’t?
1) On the technical side, Telegram groups operate more like a bulletin board, content is posted and can be fetched over and over again, a bulletin board owner can be compelled to remove material and if non-cooperating considered to be facilitating. Signal is more like a conversation in the town-square or a letter box of sealed envelopes. Once the content is fetched, it's gone. If signal is made aware that certain envelopes contain material that needs to be removed, I'm sure they would do so provided they still possess them.
2) On the non-technical side, many countries have crimes that are all about who knew what and when did they know it and could that have acted (or did they have a duty to do so). Facilitating, accessory, accessory after the fact call it what you will but that's more of a legal / philosophical argument to be had about the legal system in general rather than telegram specifically. A situation were telegram was made aware of illegal activity and was hosting said content in the clear and did nothing is manifestly different from a case where those facts did not exist, in most legal systems.
So essentially what you are saying that because we couldn't catch the smart criminals who use e2e encrypted services we shouldn't catch the dumb ones either?
Terrible takes notwithstanding, of which there are many, the issue I see with such arguments is that it's always possible to find legal violations that technically justify prosecution or imprisonment. However, the legal system only functions effectively if we trust that those handling the gray areas are motivated by the common good, rather than serving the interests of a select few or protecting an elite minority. Simply focusing on the arrest and comparing it to the alleged criminal activities on Telegram, along with the supposed lack of enforcement by the company, seems like turning a blind eye. It ignores the more likely reality that this is part of a broader effort to establish a censorship regime, with platforms like TikTok, X, Telegram, and Rumble already targeted. Accepting the official narrative and pretext at face value feels, frankly, a bit naive.
It's important to note that he has only just been arrested, so there will be a case laid out, a defense offered, facts tried, and ultimately a conviction or not. I don't find a lot of sense in speculating about why or why it didn't happen as that will presumably be surfaced during the trial itself. Such events may or may not be followed up on HN as most of time these things turn out to not be wide ranging conspiracies but more mundane wrong-doings or acquittals based on facts presented and mundane things do not get clicks.
The motivations for arresting/prosecuting a person does not usually come up in a trial. Trials usually just present evidence of why this person is supposed to be convicted/guilty, but seldom give insight to the broader picture of why this person was "chosen" while the others are not.
I also disagree with the characterization of the discussion as "wide ranging conspiracies"... voicing concern over a government arresting a major online platform that is well known for minimal censorship shouldn't be labeled as conspiracy theories.
The motivation can come up discovery though. If there is something nefarious, you would expect the defense to bring it up during pre-trial motions (which are public, just not presented to the jury). The defense also has wide lattitude to bring up such issues to the jury (although they are often limited in what they can argue about it).
In some cases, selective prosecution is itself a defense; but (as you allude to) that is a very high bar for the defense to clear.
I guess you have a point, but I think the specifics depend on jurisdiction.
That said, the defense can say whatever they want about what they perceive as selective prosecution... but how do they know? It's not like they would have more knowledge about the prosecution's thought process than the average conspiracy theorist?
The actual cause of the investigation is unlikely to come up during discovery or the trial. This is because of Parallel Construction [1]. Here is the first paragraph of the Wikipedia article to explain:
> Parallel construction is a law enforcement process of building a parallel, or separate, evidentiary basis for a criminal investigation in order to limit disclosure as to the origins of an investigation.
Parallel construction is about hiding methods, not motives or the actual transgression. What you’re describing is simply abuse of power: the cops don’t like the beat you’re reporting so they start ticketing you for going two over the speed limit.
I would argue that hiding methods is one way to obscure motives of those building the case against a defendant.
The specific discussion was related to a "wait-and-see" attitude in regards to the motives of the justice system of France (not the motives of the alleged perpetrator). The suggestion was that if this was politically motivated then that motive would be revealed once the discovery process began. However, if the French legal systems wants to hide a political motivation then they can use parallel construction to hide their methods, thus obscuring their motives.
Also, I didn't "describe" anything. I pointed to a Wikipedia article that, in part, declares parallel construction as supported by the Supreme Court of the US. So, at least in US law, it is not at all an abuse of power but rather a totally valid approach that law enforcement can take to build a case against someone. The entire reason I even know the terms is because it showed up so often in the TV show Law & Order.
Telegram has been operating for years and did not change recently to justify such an action yesterday. There's something more certainly. Maybe they did not comply with requests related to recent war in Ukraine or genocide in Palestine ?
The initial investigation which triggered the arrest was made by the OFMIN ("Office spécialisé dans la lutte contre les violences faites aux mineurs" basically the government branch tracking and fighting CSAM).
Supposedly, Telegram (and by definition of the french law, the CEO) did not respond to requests for takedown of harmful content (or not enough or faster?) from the the OFMIN. This triggered another investigation looking globally at how Telegram handle content moderation on the public part of Telegram (Channel) which lead to all others charges of complicity.
This is basically the CEO taking the fall because the (unreachable by french law) Telegram company is not on french soil and he made the mistake on landing here.
I posted this else ITT, but whats your opinion on the following (I have NO opinion - as I cant verify any facts about anything - so I am just an Observer of the events and what people are saying:)
>This reminds me of the entire plot to the last of the Bourne movies, Jason Bourne, where there is a scene of the head of some intel agency (Tommy Lee Jones) propositioned a social media founder to give them backdoor access or he would be killed. Great movie.
> One cannot legally run a hosted, unmoderated content platform in the developed world, one will always be required to remove illegal materials and turn over materials in cooperation with law enforcement.
Should you remove e.g blasphemy which is illegal in many countries including some of what I assume you call "developed world"?
You should certainly have a formal process to respond to those countries’ requests, and you might consider technical architectures that don’t leave you in direct custody and control of that content in the first place.
> You should certainly have a formal process to respond to those countries’ requests
Mere responding is evidently not enough, you need to cooperate.
> you might consider technical architectures that don’t leave you in direct custody and control of that content in the first place.
This rules out the "public channel" feature.
Essentially what you say boils down to a global publishing platform being impossible nowadays without random and contradictive censorship acts.
While this is probably true, I definitely don't share the "yeah throw him to jail" sentiment. On the contrary, I miss very much the truly global Internet of early 2000s. If this was possible back then, it must be, generally speaking, possible? Are we going to see anything like this again in our lifetimes?
> Mere responding is evidently not enough, you need to cooperate.
Only if the request is coming from a country with a lot of power to effect its judgments internationally, or from a country you plan to personally visit. Whether or not you agree with it, ignoring legal requests from the US, China, and the EU (and debatably some other countries), isn't really an option in this day and age.
Until you wanted to visit a small country on vacation and forgot you ignored their court order 4 years ago.
Or you visit some random country and didn't check the extradition treaties they have with some other country you thought you'd never visit.
Or maybe new extradition treaties (yay!)
The sad conclusion I'm seeing in this story is: If you make an internet service, it's safer to just block off all the countries except the specific ones you're planning to operate in.
If you are a multi-national with a legal presence in that country you likely have the resources to engage local counsel in answering that question and to assist in understanding the legal risks of various business decisions.
I don't ask for legal advice, I ask you how do you imagine the "always remove illegal content, easy" part of your plan to work? There's no common definition of what is legal. E.g do you suggest removing content if it's illegal anywhere in the world?
Why would you not ask for legal advice on potential legal issues when registering users from countries you do not operate in? That is the only way you can understand the definitions of what is and is not legal in those countries.
The defendant in question is a French citizen, being arrested in France, so if I were similarly situated I would expect to follow French law at a minimum.
My answer wasn't intended to be dismissive, truly, the answer will be specific to ones legal situation and the jurisdictions they plan to operate in and are best answered specifically by competent counsel in those jurisdictions after considering ones specific facts. Asking if ones should comply with laws "anywhere in the world" is not a useful question by itself.
This really isn't a difficult question to answer: You remove the smallest subset of content such that you are allowed to operate in the markets in which you plan to operate/have a business presence in/plan to visit.
That's an imaginary simplicity since there is no such thing: determining a subset requires very high certainty in the rules (to be able to apply them and not run afoul), which doesn't exist in any real legal system
I've never ran a web service personally, but to me it seems blocking access from UK, FR, DE is going to be the real long-term solution. Direct user participation from those regions are irrelevant anyway. That's going to narrow the problems down into actually working with police agencies in good faith and bypassing payment processors moral policing.
I am pretty sure that aiding criminal activity or child pornography are illegal in more countries than not, which are on the list of charges, and can be expected to do against from anyone, and ontopic here. Unlike blasphemy.
We need forums in my town. Anyone can set one up in minutes if it has already been done. But even if the site is about engines, you can't be sure that some data is not what it seems. It could be a plot to burn down Parliament, or it could offend people from a peaceful country who humbly want to reconstruct the map of the world back to 100 BC.
You just don't know. And so we do not even have a single local forum.
This is a fantastic case of hypocrisy here. I personally see Facebook ads for illegal drugs at least once a week, and nothing happens. I even stopped reporting it because it was obviously pointless. Why? Because Zuck is "our son of bitch".
He's been publicly chewed out at hearings by U.S. Senators, at least on the Republican side, for things like that. But the senate apparently doesn't have the power to do anything about it, or at least prioritize it with the rest of what is on their plate. I agree though that if Zuckerberg had been a Russian citizen, France probably would have arrested him too.
>One cannot legally run a hosted, unmoderated content platform in the developed world, one will always be required to remove illegal materials and turn over materials in cooperation with law enforcement.
One can. I think you're confusing censored with moderated. Google, Facebook, Instagram, etc. aren't moderated. They're censored. They refuse to moderate or not moderate. Censorship is a form of moderation, but it itself isn't enough to be considered moderated. Censorship is enough to make it not unmoderated though.
They made a claim that Telegram are particularly unresponsive to legitimate requests from various law enforcement groups which as a statement goes isn’t particularly controversial.
> [...] telegram possessed a lot of content on their servers that they had been made aware was illegal and didn't cooperate.
Do we know this for sure? What are the sources?
If that were true — then it surely would be less surprising, and even expected, but I would argue it's still bad: first because encryption would lead to the same result (as you point out) and second because what's illegal is often a matter of perspective: Telegram had content that was illegal in Russia, and didn't collaborate.
877 comments
[ 2.9 ms ] story [ 370 ms ] threadWhat could possibly go wrong!
Sounds like it was because of E2EE.
i.e. They refused to turn over chat records that they have server side access to.
It's worth noting that they could do E2EE here for group chats but they don't. Signal does it but telegram wholesale refused to.
https://blog.cryptographyengineering.com/2024/08/25/telegram...
This places Telegram's security stance below that of even Instagram or Facebook (which also has optional E2EE chats, but uses the Signal protocol, which is considered better than MTProto2.)
This is not an e2e battle, this is the hunt for channel owners. Frankly it is too easy to make a "local chat" and sell stuff. Durov has the data and this is his weakness and strength. Platform is viral but there are too much for one hands.
Should we enable the Iranian polotical refugee to communicate in secret with her family ?
Should we by warrant enable the possibility to open up messages when pedofiles sell or buy children for sex ?
Nasty questions.
But at the same time I wish a court order can open up encryption when it's needed.
But the balance is difficult. As we see all the time.
I am assuming the opposite.
Maybe you forgot how us democracies work together for good and evil.
They grounded a Presidents plane because they thought SNOWDEN was onboard.
https://en.wikipedia.org/wiki/Evo_Morales_grounding_incident
even with the recent trend towards adding incremental bloat to the client, it’s managed to stay a simple, straightforward tool for communicating with minimal advertising and enough of the features that i need front and center.
IMHO, Signal is way better.
It's perfectly fine for a few thousand people
I haven’t noticed any major UX issues but I use it for one thing only
Telegram is indeed the best like others are saying, and WhatsApp is a distant second.
Never had any problem with Signal.
Other than that it just works
Signal is fine for messaging. Not bad, not amazing. I'd have a much easier time convincing people to switch to Signal if it would've had a client as good as Telegram's, especially for the desktop application.
That said, Telegram has been adding more and more annoying premium features that distract and annoy.
I'd rather have a good privacy policy with a good enough server-side encryption than some closed-source implementation of E2EE, that we can never audit.
WhatsApp actually disallows you from reverse-engineering the app and looking into the algorithm. That begs the question, what percentage of E2EE is it really? 20%? 50%? 100%? Because there's still no way to confirm their claims of E2EE. All we have is a company with a really good track record in lying publicly, telling you that it's safe.
Looking at WhatsApp's privacy policy, I really wonder why people even support it compared to Telegram: https://privacyspy.org/product/whatsapp/
https://privacyspy.org/product/telegram/
[0]: https://engineering.fb.com/2023/04/13/security/whatsapp-key-...
This is not the algorithm being audited, it's the key. Telegram's complete algorithm is auditable, including the open source client apps. Server code is always unverifiable, so let's not bring that up.
Secondly, WhatsApp channels and large groups (copied from Telegram) are not encrypted in any way (cmiw), as opposed to Telegram's MTProto 2.0 Cloud encryption. The app is completely closed-source even with all their claims of privacy and its TnC even discourages you from reverse-engineering it.
> Channel updates should be used to share information with followers and viewers, not as a way for admins to communicate back and forth.
https://faq.whatsapp.com/671443411431514/
Most people care about usability and interconnectivity first and foremost because the majority of their messaging activities are not so sensitive that they feel the need to sacrifice those things for mandatory E2EE. Call that shortsighted if you like, but it's far more common than this "encryption or bust" mindset around here.
If signal or some messaging platform could find a way to be E2EE capable all the time, with all the same usability and design as telegram, without unnecessary restrictions on users, and without it being a completely walled off garden from which your data can never be self-extracted, it would win this argument.
Same goes for things like Tutanota and a lot of these other data prisons that are cropping up which create privacy through taking away user agency.
Until then users will pick what they want for their own needs. Telegram met those needs for many.
From the recent Tucker Carlson interview of Pavel Durov, Telegram has:
https://news.ycombinator.com/item?id=41343845You do need to turn off "display stickers suggestion" before the app becomes nice.
https://matrix.org/ecosystem/clients/
(Of course, I don't know what qualifies as a major messenger to you.)
it is lightweight, pretty much never goes down, has reasonable features.
Almost all conversations that most people have are benign. I used telegram to follow journalists (essentially as a twitter replacement), how would E2EE benefit my use case?
Also the apis are almost completely free, so you can do lots of creative projects for fun.
> The main accusation by EU authorities concerns Telegram’s encrypted messaging services, which were allegedly used to facilitate organised crime. One investigator stated that ‘Telegram has become the number one platform for organised crime over the years’, underlining the perceived link between the platform’s privacy features and criminal activities.
It's unclear to me how much this "perceived link" is on behalf of the author of the article, as opposed to the prosecutors themselves.
The article doesn't say anything about E2EE specifically, but I think it would be understandable to "read between the lines" and assume that Telegram is in trouble for offering E2EE - but I think/hope that assumption would be incorrect.
Guess not: https://en.m.wikipedia.org/wiki/Postal_interception
The issue is with Telegram non cooperation and lack of moderation of publicly available content.
Secure message passing is no different. The "shovel", the thing one might sell, is just the application of some math which does something and not any of the infinite other things.
An e2e communication system is just a shovel, or a car, or a saw, or any other tool that does a specific thing for which there is any valid need, which there absolutely is. Thinking that there is any logically valid way around that is what is very naive.
That's why the authorities ask for the squaring of the circle.
Don't break encryption but make it readable.
That's "Let's make PI = 3" level of ignorance
There's a difference between breaking the encryption of a single target after a warrant or handing over previous data which would need some kind of backdoor in the encryption.
They also don't have public groups with questionable material, as far as I know
Probably an unrelated coincidence.
Why are these service providers being punished for what their users do? Specifically, these service providers? Because Google, Discord, Reddit, etc. all contain some amount of CSAM (and other illegal content), yet I don't see Pichai, Citron, or Huffman getting indicted for anything.
Hell, then there's the actual infrastructure providers too. This seems like a slippery slope with no defined boundaries where the government can just arbitrary use to pin the blame on the people they don't like. Because ultimately, almost every platform with user-provided content will have some quantity of illegal material.
But maybe I'm just being naive?
If you are alleging that there's comparable, specific and actual legal infringements on the part of meta/google, that somehow go uninvestigated and unpunished, free free to point to that.
The only E2EE in Telegram is called "secret chats" and they're 1-on-1.
i don’t think messaging startups should be required to employ hundreds of people to read messages
It was their decision to become something bigger than a simple messaging app by adding channels and group chats with tons of participants. It was also their decision to understaff content moderation team.
Sometimes the consequence is a legal action, like the one we're seeing right now. All this could have been easily avoided if they had E2EE or enough people to review reported content and remove it when necessary.
Even E2EE messaging service providers have to cooperate in terms of providing communication metadata and responding to takedown requests. Ignoring law enforcement lands you in a lot of shit everywhere, in Russia you'll just be landing out of a window.
These laws have applied for decades in some shape or form in pretty much all countries, so it shouldn't come as a surprise.
But i have no idea if it truly has more or less crime than other platforms. So we can't really tell if he's being messed with because he can't stand up for himself in a way Microsoft or Musk can, or it is truly a criminal problem.
A person witnessing a crime by itself is not a crime. However, a person witnessing a crime and choosing not to report it is a crime.
Or you can just not respond, at least in the US. https://en.wikipedia.org/wiki/Self-incrimination
If you're the witness to a murder and you're subpoena'd to court and refuse to testify then you are committing contempt of court. There was a guy in Illinois who got 20 years (reduced to 6 on appeal) for refusing to testify in a murder.
https://illinoiscaselaw.com/clecourses/contempt-of-court-max...
Contempt of court usually has no boundaries on the punishment, nor any jury trials. A judge can just order you to be executed on the spot if you say, fall asleep in his courtroom. Sheriffs in Illinois have the same unbridled power over jail detainees.
Not sure whether that extends to police questioning though.
It still exists in many jurisdictions, including the UK, the US (it is a federal crime under 18 U.S. Code § 2382, and also a state crime in most states), Australia, Canada, New Zealand and Ireland.
Related was the crime “misprision of felony”, which was failure to report a felony (historically treason was not classed as a felony, rather a separate more serious category of crime). Most common law jurisdictions have abolished it, in large part due to the abolition of the felony-misdemeanour distinction. However, in the US (which retains that distinction), it is a federal crime (18 U.S. Code § 4). However, apparently case law has narrowed that offence to require active concealment rather than merely passive failure to report (which was its original historical meaning)
Many of the jurisdictions which have abolished misprision of felony still have laws making it a crime not to report certain categories of crime, such as terrorism or child sexual abuse
That heavily depends on the jurisdiction. It's explicitly a crime in Germany, for example: https://www.gesetze-im-internet.de/stgb/__138.html
On top of that, if you can be shown to benefit from the crime (e.g. by knowingly taking payment for providing services to those that commit it), that presumably makes you more than just a bystander in most jurisdictions anyway.
It is also only for upcoming not yet accomplished crimes. Crimes already happened don’t have to be reported.
Also it has to be proven that you received the plan in a plausibel manner.
https://www.icmec.org/csam-model-legislation/
That’s generally not true, at least in the Anglo legal system.
Obviously this is French criminal law, which is, well, wow.
https://www.debevoise.com/-/media/files/pdf/20190521_10_thin...
Who you are definitely determines how the law handles you. If you're Google execs, you don't have to worry about the courts of the peasantry.
How do you know this is the case?
Nobody's arresting Zuckerberg for that.
Not to say that deliberately making yourself blind to what's happening on your platform will always be a bulletproof way to avoid liability, but it's a much more defensible position than being able to see the illegal activity on your platform and not doing anything about it. Especially in the case of seriously serious crimes like CSAM, terrorism, etc.
The issue is law enforcement doesn't want that kind of access. Because they have no manpower to go after criminals. This would increase their caseload hundredfold within a month. So they prefer to punish the entity that created this honeypot. So it goes away and along with it the crime will go back underground where police can pretend it doesn't happen.
Telegram is basically punished for existing and not doing law enforcement job for them.
Apparently, they have. Sorry for your bet.
I bet that if they really asked, they pretty much asked Telegram to build them one click creator that would print them court ready documents about criminals on their platform so that law enforcement can just click a button and yell "we got one!" to the judge.
That's not true. For one things, it is expensive. For another, there's a chance people will find out and you'll lose all your criminal customers... they might even seek retribution.
> I bet that if they really asked, they pretty much asked Telegram to build them one click creator that would print them court ready documents about criminals on their platform so that law enforcement can just click a button and yell "we got one!" to the judge.
You seem to believe, without having looked at the publicly available facts of the matter, that the problem is law enforcement didn't say "pretty please". The fact of the matter is that they've refused proper law enforcement requests repeatedly; if anyone has been rude about it, it's been Durov.
Meta can provide conversation and account metadata (Twitter does the same - or used to do at least), or suspend accounts
You leak basic metadata (who talked to who at what time).
You leak 100% of messages with "business account", which are another way to say "e2e you->meta and then meta relays the message e2e to N reciptients handling that business account".
Then there's the all the links and images which are sent to e2e you->meta, meta stores the image/link once, sends you back a hash, you send that hash e2e to your contact.
there's so many leaks it's not even fun to poke fun at them.
And I pity anyone who is fool enough to think meta products are e2e anything.
actually its a nominated end point, and then from there its up to the business. It works out better for meta, because they aren't liable for the content if something goes wrong. (ie a secret is leaked, or PII gets out.) Great for GDPR because as they aren't acting as processor of PII they are less likley to be taken to court.
Whatsapp has about the same level of practical "privacy" (encryption is a loaded word here) as iMessage. The difference is, there are many more easy ways to report nasty content in whatsapp, which reported ~1 million cases of CSAM a year vs apples' 267. (not 200k, just 267. Thats the whole of apple. https://www.missingkids.org/content/dam/missingkids/pdfs/202...)
Getting the content of normal messages is pretty hard, getting the content of a link, much easier.
Its not signal, but then its never meant to be.
https://engineering.fb.com/2023/04/13/security/whatsapp-key-...
For iMessage, Apple can just add a fake iDevice to your account and now iMessage will happily encrypt everything to that new key as well and there's zero practical visibility to the user. If it was a targeted attack and not blanket surveillance then there's no way the target is going to notice. You can open up the keychain app and check for yourself but unless you regularly do this and compare the keys between all your Apple products you can't be sure. I don't even know how to do that on iPhone.
and show that fb eclipse everyone by a insane margin it's scary!
about your point on business accounts, the documents i reviewed included dialog tree bots managed by meta. not sure if not having that change things... but in that case it was spelled out that meta is the recipient
In whatsapp, the report button is on the same menu that you use to reply/hide/pin/react.
Once you do that, it sends the offending message to meta, unencrypted. To me, that seems like a reasonable choice. Even if you have "proper" e2ee, it would still allow rooting out of nasty/illegal shit. those reports are from real people, rather than automated CSAM hashing on encrpyted messages. (although I suspect there is some tracking before and after.)
Its the same with instagram/facebook. The report button is right there. I don't agree with FB on many things, but this one I think they've made the right choice.
Learn more: https://about.meta.com/actions/safety/audiences/law/guidelin...
Yes, WA messages are supposed to be e2e encrypted. Unless end-to-end encryption is prohibited by law in your jurisdiction, I don't see how that question is relevant in this context.
It is supposedly end-to-end encrypted. And in a shallow way. Also the app is closed source and you can't develop your own.
It's basically end-to-end-trust-me-bro-level encrypted.
That should scare a lot of us.
This tells me most of the people implementing this are either too-scared of the consequences, or they think what they're implementing is ethical and/or the right thing to do. Again, both are scary thoughts we should be highly concerned about in a healthy society that talks about these things.
One other potential explanation: FB and these large behemoths have compartmentalized the implementations of these features so much that no one can speak authoritatively about it's encryption.
The simplest explanation: when peope start at facebook/meta they leave their ethics at the door on the first day in the role.
It’s cynical, but does explain a lot: many people will pick the fat paycheque over their ethics any day, particularly in the US (where money is king)
The secondary business idea it to tie their users logins to their real world identities, to the point of repeatedly locking out users who they live under threat and refuse to disclose their real name.
I can see how it's frustrating, but the communities you're trying to post in are essentially offloading their moderation burden onto the big popular subreddits with low requirements -- if you can prove you're capable of posting there without getting downvoted into oblivion, you're probably going to be less hassle for the smaller moderator teams.
I'm not particularly interested in spending a lot of time posting on reddit. But very occasionally I'll come across a thread I can contribute meaningfully to and want to comment. Even if allowed I'd probably just make a couple comments a year or something. But I guess the site isn't set up for that, so fuck it.
Years ago there was a case where someone built a business out of making hidden compartments in cars. He did an amazing job of making James Bond style hidden compartments that perfectly blended into the interior. He was later arrested because drug dealers used his hidden compartment business to help their drug trade.
There was an uproar about the fact that he wasn’t doing the drug crimes himself. He was only making hidden compartments which could be used for anything. How was he supposed to know that the hidden compartments were being used for illegal activities rather than keeping people’s valuables safe during a break-in?
Yet when the details of the case came out, IIRC, it was clear that he was leaning into the illegal trades and marketing his services to those people. He lost his plausible deniability after even a cursory look at how he was operating.
I don’t know what, if any, parts of that case apply to Pavel Durov. I do like to share it as an example of how intent matters and how one can become complicit in other crimes by operating in a manner where one of your selling points is that you’ll help anyone out even when their intent is to break the law. It’s also why smart corporate criminals will shut down and walk away when it becomes too obvious that they’re losing plausible deniability in a criminal enterprise.
If you are directly aiding and abetting without any plausible attempt to minimize bad actors from using your services then absolutely.
For example, CP absolutely exists on platforms like FB or IG, but Meta will absolutely try to moderate it away to the best of their ability and cooperate with law enforcement when it is brought to their attention.
And like I have mentioned a couple times before, Telegram was only allowed to exist because the UAE allowed them to, and both the UAE and Russia gained ownership stakes in Telegram by 2021. Also, messaging apps can only legally operate in the UAE if they provide decryption keys to the UAE govt because all instant messaging apps are treated as VoIP under their Telco regulation laws.
There have been plenty of cases where anti-Russian govt content was moderated away during the 2021 protests - https://www.wired.com/story/the-kremlin-has-entered-the-chat...
isn't this the definition of "criminal lawyer"?
If you are a criminal lawyer who is directly abetting in criminal behavior (eg. a Saul Goodman type) you absolutely will lose your Bar License and open yourself up to criminal penalties.
If you are a criminal lawyer who is in a situation where your client wants you to abet their criminal behavior, then you are expected to drop the client and potentially notify law enforcement.
https://www.reddit.com/r/Lawyertalk/comments/1dd32ji/brian_s...
More interesting is why the judge and prosecutors have not been referred to the bar for their illegal actions.
Not a lawyer myself but I believe this is not a correct representation of the issue.
A lawyer abetting in criminal behaviour is committing a crime, but the crime is not offering his services to criminals, which is completely legal.
When offering their services to criminals law firm or individual lawyers in most cases are not required to report crimes they have been made aware of under the attorney-client privilege and are not required to ask to minimize bad actors from using their services.
In short: unless they are committing crimes themselves, criminal lawyers are not required to stay clear from criminals, actually, usually the opposite is true.
Again, presumption of innocence do exists.
In this case, Telegram showed bad faith moderation. They are not a lawyer, and don't operate with the same constraints.
When in doubt, ask.
I was replying to
any plausible attempt to minimize bad actors from using your service
I mentioned criminal lawyers because their job is literally to "offer their services to criminals or to people accused of being criminals" and they have no obligation whatsoever to minimize bad actors from using your service, in fact bad actors are usually their regular clientele and they are free to attract as many criminals as they like in any legal way they like.
Helping a criminal to commit a crime it's an entirely different thing and anyway it must be proved in a court, it's not something that can be assumed on the basis of allegations (their clients are criminal, so they must be criminal too).
That's why in that famous TV drama Jessy Pinkam says "You dont want a criminal lawyer, you want a Criminal. Lawyer.".
The premise of this story is that Telegram offers a service which is very similar to safe deposit boxes, the bank it's not supposed to know what you keep in there hence they are not held responsible if they are used for illegal activities.
In other words most of the times people do not know and are not required to know if they are dealing with criminals, but, even if they did, there are no legal reasons to avoid offering them your services other than to avoid problems and/or on moral grounds (which are perfectly understandable motives, but are still not a requirement to operate a business).
Take bars, diners, restaurants, gas stations or hospitals, are they supposed to deny their services?
And how would they exactly should take actions to minimize bad actors from using your service?
If someone goes to a restaurant and talks about committing a crime, is the owner abetting the crime?
I guess probably not, unless it is proven beyond any reasonable doubt that he actually is.
It doesn't matter if it's true or false it only matters what the justice system can prove.
This is the issue. Web platforms DO NOT have that kind of legal protection - be it Telegram, Instagram, or Hacker News.
Safe Harbor from liability in return for Content Moderation is expected from all internet platforms as part of Section 230 (USA), Directive 2000/31/EC (EU), Defamation Act 2023 (UK), etc.
As part of that content moderation, it is EXPECTED that you crack down on CP, Illicit Drug Transactions, Threats of Violence, and other felonies.
Also, that is NOT how bank deposit boxes work. All banks are expected to KYC if they wish to transact in every major currency (Dollar, Euro, Pound, Yen, Yuan, Rupee, etc) and if they cannot, they are expected to close that account or be cut off from transacting in that country's currency.
> That's why in that famous TV drama Jessy Pinkam says "You dont want a criminal lawyer, you want a Criminal. Lawyer.".
First, it's Pinkman BIATCH not Pinkam.
And secondly, Jimmy McGill (aka Saul Goodman) was previously suspended by the NM Bar Association barely 5 years before Breaking Bad, and was then disbarred AND held criminally liable when SHTF towards the finale.
e2e encryption cannot be broken though
> Safe Harbor from liability in return for Content Moderation is expected from all internet platforms as part of Section 230 (USA), Directive 2000/31/EC (EU), Defamation Act 2023 (UK), etc.
I have no sympathy for Durov and I don't care if they throw away the keys, but what about Mullvad then?
I guess that a service whose main feature is secrecy and anonymity should at least provide anonymity and secrecy.
> CP, Illicit Drug Transactions, Threats of Violence, and other felonies
you understand better than me that the request is absurd all of this is in theory, in practice nobody can actually do it for real, the vast majority of illicit clear text content are honeypots created by agents of various agencies to threaten the platforms and force them to cooperate. nothing's new here, but let's not pretend that this is to prevent crimes.
also: the allegations against Telegram are that they do not cooperate, but we don't actually know if they really crack down on CP or other illegal activities or not, because if they don't, the reasonable thing to do would be to shut down the platform, what does arresting the CEO accomplish? (rhetorical question: they - I don't want to throw names, but i think that the usual suspects are involved - want access to and control of the content, closing the platform would only deny them access and would create uproar among the population - remember when Russia blocked Telegram?)
also 2: AFAIK Telegram requires a phone number to create an account, it's the responsibility of the provider to KYC when selling a phone number, not Telegram's.
also 3: safe deposit boxes are not necessarily linked to bank accounts. I pay for a safety deposit box in Switzerland but have no Swiss bank account.
So my guess is EU wants in some way control the narrative in Telegram channels where the vast majority of the news regarding the war in Ukraine spread from the war front to the continent.
> First, it's Pinkman BIATCH not Pinkam.
Sorry. I'm dyslexic and English is not my mother tongue, but the 4th language I've learned, when I was already a teenager.
> was previously suspended by the NM Bar Association
that was the point. TV dramas need good characters and a criminal lawyer who's also a criminal is more interesting than a criminal lawyer who's just a plain boring lawyer that indulges in no criminal activity whatsoever.
This is precisely why Republicans want to repeal it - if they succeed, it would effectively force Facebook etc to allow any content.
Is this true? After decades now of a cat and mouse game, it could be argued that they are simply incapable. As such, the "best of their ability" would be using methods that don't suit their commercials - e.g verifying all users manually, requiring government ID, reviewing all posts and comments before they're posted, or shutting down completely.
I understand these methods are suicidal in capitalism, but they're much closer to the "best of their ability". Why do we accept some of the largest companies in the world shrugging their shoulders and saying "well we're trying in ways that don't impact our bottom line"?
Your analogy is terrible and doesn’t make sense.
If you provide a service that is used for illegal behavior AND you know it’s being used that way AND you explicitly market your services to users behaving illegally AND the majority of your product is used for illegal deeds THEN you’re gonna have a bad time.
If one out of ten thousand people use your product for illegal deeds you’re fine. If it’s 9 out of 10 you probably aren’t.
This logic clearly makes the prison of someone like the owner of Telegram difficult to justify, since 99.999% of messages in telegram are completely legal.
This really isn’t that complicated.
Keep in mind that as soon as you store user accounts you keep user data, which is perhaps a trivial form of eavesdropping, but clearly something law enforcement takes an interest in.
https://en.m.wikipedia.org/wiki/Accessory_(legal_term)
You’re making the opposite point of what you intended.
Any source for that? Media loves to blame banks for everything, but when you go into the details it always seems pretty marginal (e.g. the HSBC Mexico stuff).
A bank will drop you if they even think you might be doing something (demonstrably on paper) illegal. When opening an account, some of the very first questions a bank asks you are "where did you get this money" and "what do you do for work" - proactively making you responsible for committing to some type of story. All of the illegality you're trying to reference is happening under a backdrop of reams of paperwork that make it look like above board activity to compliance departments. Without that paperwork when shit does hit the fan, people working at the bank do tend to go to jail. But with that paperwork it's "nobody's fault" unless they manage to find a few bank employees to pin it on.
Needless to say, this type of prior restraint regime being applied to free-form communication would be an abject catastrophe.
Why aren't all gun manufacturers in jail then? They must know a percentage of their products are going to be used to commit crimes. A much larger percentage than those using Telegram to commit one.
The usual metaphor is child pornography, but let's pick something less outrageous: espionage. If a spy uses your messaging platform to share their secrets without being detected & prevented, that's using the service to commit a crime. Now, if you're making a profit from said service, that doesn't necessarily make you a criminal, but if you start saying "if spies used this platform, they'd never be stopped or even detected", that could get you in to some serious trouble. If you send a sales team to the KGB to encourage them to use the platform, even more so.
The second amendment gives weapon makers some extra protection in the US, but they do have to be very careful about what they do and do not do in order to avoid going to jail.
> They must know a percentage of their products are going to be used to commit crimes. A much larger percentage than those using Telegram to commit one.
Do you have the stats on that? I don't, but I'm curious. While I don't doubt the vast majority of people using Telegram aren't committing a crime, I know that the vast majority of people using guns also aren't committing a crime.
That's because you're assuming facts not in evidence and painting the broadest possible argument. Obviously we don't know the details yet, but it's not unlikely that this situation was a bit more specific.
Consider:
You can't put your own moral compass in place of the law, basically. That final statement is very reasonably interpreted as obstruction or conspiracy, where a blanket refusal would not be.However, I still argue that wanting to provide secret communication (which Telegram actually doesn't do) is not abetting crime or helping it more than any other product.
In fact, in my humble opinion, it's the opposite: Private communications are a countermeasure against the natural tendency of governments to become tyrannical, and thus maintaining one is an act of heroism.
That's an easy enough statement in the abstract, but again it doesn't speak to the case of "Durov knowingly hid child porn consumers from law enforcement", which seems likely to be the actual crime. If you want to be the hero in your story, you need to not insert yourself into the plot.
The IRS actually expects you to report income earned from illegal activities, they _explicitly_ state this in Publication 17.
Cash isn't income. It's an asset. You don't even report assets. You report income, and you have to specify where it came from.
is it what happened here?
in my view Durov is the owner renting his apartment and not caring what people do inside it, which is not illegal, someone could go as fare as say that it is morally reprensible, but it's not illegal in any way.
It would be different if Durov knew but did not report it.
Which, again, doesn't seem what happened here and it must be proven in a court anyway, I believe everyone in our western legal systems still has the right to the presumption of innocence.
Telegram not spying on its users is the same thing as Mullvad not spying on its users and not saving the logs. I consider it a feature not a bug, for sure not complicity in any crime whatsoever.
Problem is if you know what these people do inside it and you don't do anything about it.
Problem is if the police arrests the owner of the apartment but not those doing something illegal inside it.
Out of metaphor: Durov has been arrested because he's Russian and the west is retaliating as hard as they can.
Under the same assumptions Durov has been arrested for, Elon Musk and Jack Dorsey should be in jail too. [1]
[1] https://www.theguardian.com/world/2023/sep/04/twitter-saudi-...
That guy who built the hidden compartments should absolutely not have gone to jail. The government needs to be put in check. This has gotten ridiculous.
It's not whether the platform is being used for illegal activity (all platforms are to some extent, as your facile comment shows). It's whether the operator of a platform actively avoids cooperating with LE to stop that activity once found.
The real goal is hurting anyone that’s not aligned with people in power regardless of who is getting helped or harmed. Everyone knows this but so many people in this thread are lying about it.
AFAIK these goals _are_ applied to equivalent services. It's just that twitter, FB, Instagram, WhatsApp, and all the others _do_ put in the marginal amount of effort required to remove/prohibit illicit activity on their platform.
Free speech is one thing, refusing to take down CSAM or drug dealing operating in the open is always going to land you in hot water.
I think it’s wrong on social media for the exact same reason it’s wrong to arrest power companies if a guy staples printed CSAM to a utility pole. Same thing for monitoring private phone calls. We know that AI can detect people talking about terrorism on the phone and cameras can monitor paper ads and newsletters in public spaces, but nobody would advocate for making this a legal requirement because it’s insane. The fact that nobody cares is proof that the public does value privacy and free speech. Why are so many of them tricked into thinking the internet is an exception?
I want people to commit to their beliefs and either admit they want surveillance wherever it’s technically feasible or give up and recognize that internet surveillance is also wrong. No more of this “surveillance is good but legacy platforms are exempt” waffling. Very frustrating and only serves the interests of people who already have power
> for the exact same reason it’s wrong to arrest power companies if a guy staples printed CSAM to a utility pole
That seems like a bad analogy. A closer one would be that I rent the pole space to people who I am told by law enforcement are committing serious crime in the open, using the pole I am renting to them. Additionally, I am uniquely capable of a) removing the printouts b) passing on whatever information I have about those involved (maybe zero, but at least I say that). The issue is refusing both. I don't feel they are egregious requests.
(this is not a tacit approval of digital surveillance)
I was very disappointed to hear that UFO related subreddits take down and block UFO sightings. What’s the whole point of the sub if they censor the relevant content.
Those listings were great and well documented up until about 2019 or so. They've been scrubbed heavily.
In the English wiki it’s a group “Guerilla Skepticism” which dominates the field on esoteric content and much more.
In Germany we have the same situation and very likely every language has the same issue.
The bigger pictures is that the whole content from Wikipedia gets fed into the AIs and then it answers you practically the strongly moderates censored misleading content from Wikipedia.
The very disappointing thing is that nobody can’t to anything about the mods in Wikipedia, they dominate the place.
In the EU, Telegram blocked access to certain channels that the EU deemed to be Russian disinformation, for example.
They cooperated to some degree, but I'll go out on a limb to say that the authorities wanted Telegram to be fully subservient to western government interests.
15 years ago in the US this would have been uncontroversial
Personally I'm undecided about whether these channels should be publicly available on e.g. free TV channels, but that's getting off topic.
there are other low-hanging fruit EU governments could do to address crime, NL has basically become a narcostate and they are just sitting by and watching - Telegram is not the problem.
Empirically speaking, governments have had absolutely zero success at this, but their attempts to do so have gotten them the kind of legal power over your life that organised crime could only dream about.
You could certainly argue that RICO was too powerful and is often misapplied, but I've never before seen anyone argue that it has been ineffective.
However, my GP comment was against the claim that “The state has no business judging the truth”. That claim as stated is absurd, because judging what is true is necessary for a state being able to function in the interest of its people. The commenter likely didn’t mean what they wrote.
One can argue what is harmful and what isn’t, and I certainly don’t agree with many things that are being over-moderated. But please discuss things on that level, and don’t absolutize “free speech”, or argue that authorities shouldn’t care about what is true or not.
This empty saying is used to justify basically any violation of civil liberty, because it is unprincipled and open ended, so it can be used to respond to any action anyone can take
> The commenter likely didn’t mean what they wrote
No, I meant what I wrote. The government has no business judging the truth. What is the Russian disinformation from earlier in this thread? For example, is it discussing the illegal 2014 coup in Ukraine that ousted a democratically elected government that was friendly to Russia? To EU overlords, discussing that event is “spreading disinformation” even though it is factually true and deserving of discussion. It’s a great example of political censorship being a problem.
> don’t absolutize “free speech”, or argue that authorities shouldn’t care about what is true or not.
Free speech should be absolutized in day to day discussion, even if there are very limited exceptions in the law. It’s when there is permission from society to limit speech that populations end up propagandized and suppressed by whoever has power over them. That’s what is happening here, where people are coming up with absurd mental gymnastics to justify France’s authoritarian actions.
> judging what is true is necessary for a state being able to function in the interest of its people
This sounds like support for Soviet or China style control of speech, and labeling of anything that power disagrees with as misinformation. Authorities shouldn’t care about what is true or not, because they are biased and corrupted by their agendas and ideologies and incentives. The free exchange of information is foundational to any free and democratic society. That’s what is necessary for a state to be able to function in the interest of its people.
The state can judge truth without censoring; and of course it should.
I suspect the other commenter isn't a censorship apologist and meant what they said. But feel free to decide what is likely true for the rest of us.
In other words, Apple and Google are the only authorities they recognize (see also [1]). I'm not surprised this doesn't sit well with many governments.
[1] https://news.ycombinator.com/item?id=41348666
One would hope that there is clear evidence to support a claim that they’re well aware what they’re profiting off and aren’t aggressively shutting it down.
To use Reddit as an example: in the early days it was the Wild West, and there were some absolutely legally gray subreddits. They eventually booted those, and more recently even seem to ban subreddits just because The Verge wrote an article about how people say bad things there.
I hope his situation isn't similar to Dotcom's, as Dotcom was shown to be complicit in the crimes he was being persecuted for. Convicting the megaupload people would've been a LOT harder if they hadn't been uploading and curating illegal content on their platform themselves.
As a service provider, you're not responsible for what your users post as long as you take appropriate action after being informed of illegal content. That's where they're trying to get Telegram, because Telegram is known to ignore law enforcement as much as possible (to the point of doing so illegally and getting fined for it).
https://www.nbcnews.com/news/us-news/son-el-chapo-another-si...
Or the ability of journalists to inform the public of what the government is getting on with in their name. If the government is investigating their critics they have no right to keep it a secret.
Because in your eyes it is so gradual the difference between it's happening slowly and not happening at all is imperceptible and impossible to prove.
It's extremely straightforward to prove. You look at the laws that have been passed and the court opinions issued in the last 30-60 years.
(French) https://www.sudouest.fr/economie/reseaux-sociaux/le-patron-d...
It could have been a warrant that was not communicated to Durov himself. This would have helped to catch him by surprise.
From what I can tell the warrant has been out for longer, but he was arrested when the airport police noticed his name was on a list. There's not a lot of information out there, with neither the French authorities nor Telegram providing any official statements to the media.
You don't step foot on a country with an extradition treaty, even less so the country itself, where you're flouting their warrants for your company's data.
https://globalinitiative.net/analysis/a-golden-opportunity-f...
And of which he’s a citizen, fwiw
> the operators of the messenger app Telegram have released user data to the Federal Criminal Police Office (BKA) in several cases. According to SPIEGEL information, this was data from suspects in the areas of child abuse and terrorism. In the case of violations of other criminal offenses, it is still difficult for German investigators to obtain information from Telegram, according to security circles.
https://threema.ch/en/blog/posts/chat-apps-government-ties-a...
> two popular chat services have accused each other of having undisclosed government ties. According to Signal president Meredith Whittaker, Telegram is not only “notoriously insecure” but also “routinely cooperates with governments behind the scenes.” Telegram founder Pavel Durov, on the other hand, claims that “the US government spent $3 million to build Signal’s encryption” and Signal’s current leaders are “activists used by the US state department for regime change abroad.”
Double Ratchet [1] is also used by WhatsApp (2B+ users) and IETF MLS [2] standard for E2EE group messaging.
[1] https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm
[2] https://www.ietf.org/blog/mls-secure-and-usable-end-to-end-e...
Nothing in this comment is about the US government funding Signal's encryption.
https://ia.acs.org.au/article/2024/-i-m-not-leaving---kim-do...
1) There was an order signed recently. He has not physically left NZ yet. 2) He's not convicted, he hasn't been in front of a judge for the charges against him
This is just a gimmick to bamboozle judges and the public. The ploy is to claim that someone is guilty of serious offense A because you proved they committed less serious offense B, even though the offenses have different elements and penalties.
They use the ploy because any large organization by definition has a lot of people in it and copyright infringement is pretty common, so by the law of large numbers somebody in the company is probably doing it even if the company doesn't want them to and then the prosecutors want to claim that the company as a whole is doing something wrong and has to be shut down. Which doesn't make any sense when another company is just going to provide the same perfectly legal service and the users are going to use it for the exact same thing.
Moreover, the obvious way for companies to prevent this -- indeed, the thing Megaupload's replacement started doing after the original was shut down -- is to encrypt everything so their employees have no access to it. Which I have no objection to, but if courts and prosecutors like to be able to issue a subpoena and actually get something back, they might want to reconsider turning the ability of a company to access data into a liability.
Back in the 1990s the tech community convinced itself (myself included) that Napster had zero ethical responsibility for the mass piracy it enabled. In reality, law in a society is supposed to serve that society. The tech community talked itself into believing that the only valid arguments were for Napster. In hindsight, it's less cut-and-dry.
I have never believed E2EE to be viable, in the real world, without a back-door. It makes several horrendous kinds of crime too difficult to combat. It also has some upsides, but including a back-door, in practice, won't erase the upsides for most users.
It is naive to think people (and government) will ignore E2EE; a feature that facilitates child porn, human trafficking, organized crime, murder-for-hire, foreign spying, etc etc. The decision about whether the good attributes justify the bad ones is too impactful on society to defer to chat app CEOs.
If you believe privacy not inspectable by law enforcement is wrong the prerequisite is saying that you're willing to have the the law apply to you as well.
How could they have any moral responsibility for ethically neutral thing other people were doing?
Law is a way to enforce a policy on massive scale, sure. But there is no guarantee that it enforces things that are aiming the best equilibrium of everyone flourishing in society. And even when it does, laws are done by humans, so unless they results from a highly dynamic process that gather feedback from those on which it applies and strive to improve over time, there is almost no chance laws can meet such an ambitious goal.
What if Napster was a symptom, but not of ill behavior? Supposing that unconditional sharing cultural heritage is basically the sane way to go can be backed on solid anthropological evidences, over several hundred millennia.
What if information monopolies is the massive ethical atrocity, enforced by corrupted governments which were hijacked by various sociopaths whose chief goal is to parasite as much as possible resources from societies?
Horrendous crimes, yes there are many out there, often commissioned by governments who will shamelessly throw outrageous lies at there citizens to transform them into cannon fodders and other atrocities.
Regarding fair retribution of most artists out there, we would certainly be better served with universal unconditional net revenue for everyone. The current fame lottery is just as fair as a national bingo as a way to make a decent career.
Few things would please me more than to live under a system where arts and culture were freely available to all, and artists didn't have to starve in the process. It doesn't strike me as far-fetched either; it wouldn't take much to improve on the system we currently have.
But my original point was that, given the society we actually had when Napster came along, it was unreasonable for Napster unilaterally to decide for everyone else that existing laws and expectations no longer mattered.
Yes, this happened, is happening and will happen.
I wonder however if the word "often" may perhaps be misleading or even completely wrong.
If you pick one random victim of a horrendous crime today in a western society. Feel free to pick the minority most hated by that society. What is the likelihood that that crime was commissioned by the government? It's more likely domestic violence, trafficking etc done by fellow community members.
Sure there are examples of governments shooting civilian planes in the sky or ferries in the and covering up. And it's perfectly sensible to be outraged when that happens. But jumping to the conclusion that "the government" just does those things as a matter of routine doesn't sound right to me. I don't buy it. It smells conspiratorial thinking and requires extraordinary proof.
Now that automated mass surveillance actually makes it possible for the states to keep tabs on just about everything, E2EE, if anything, merely rebalances the scales (although even that is overselling it - in practice, with modern surveillance tools, the scales are still much more heavily tilted in favor of those surveilling).
To what extent people really want to embrace the panopticon is not so clear-cut. It is certainly something heavily pushed from above, and in many societies that does seem to be reflected in public opinion (e.g. UK) - but not in all, so I do not think it can be reasonably assumed to be the default.
If that would be the case he would be at least a accomplice if not even the Initiator of criminal activities.
Otherwise it would be just an abuse of his service by criminals.
WORSE, you get banned for reporting CSAM to Discord, and I guarantee if you report it to the proper authorities (FBI) they tell them to bug off and get a warrant. Can we please be consistent? If we're going to hold these companies liable for anything, let's be much more consistent. Worse yet, Discord doesnt even have End to End encryption, and the number of child abuse scandals on that platform are insane. People build up communities, where the admins (users, not Discord employees) have perceived power, users (children) want to partake in such things. Its essentially the Roblox issue all over again, devs taking advantage of easily impressionable minors.
Reddit isn't much better. [1]
[0]: https://www.reddit.com/r/discordapp/comments/14sx8fz/discord...
[1]: https://www.theverge.com/2021/4/25/22399306/reddit-lawsuit-c...
Edit:
I think the lack of bulk reporting is a pain too. They used to ask for more context. One time I reported a literal nazi admin (swastika posting, racial slurs, and what have you), but the post was "months old" and they told me essentially to "go screw myself" they basically asked why I was in the server.
There is a legal distinction here between what happens on your platform despite your best efforts (what you might call "incidental" use) vs what your platform is designed specifically to do or enable.
Megaupload is a perfect example. It was used to pirate movies. Everyone knew it. The founders knew it. You can't really argue it's incidental or unintended or simply that small amount that gets past moderation.
Telegram, the authorities will argue, fails to moderate CSAM and other illegal activity to the point that it enables it and profits from it, which is legally indistinguishable from specifically designing your platfrom for it.
Many tech people fall into a binary mode of thinking because that's how tech usually works. Either your code works or it doesn't. You see it when arguments about people pirating IP being traced to a customer. Tech people will argue "you can't prove it's me". While technically true, that's not the legal standard.
Legal standards relay on tests. In the ISP case, authorities will look at what was pirated, was it found on your hard drive, was the activity done when you were home or not and so on to establish a balance of probabilities. Is it more likely that all this evidence adds up to your guilt or that an increasingly unlikely set of circumstances explains it where you're innocent?
In the early days of Bitcoin I stayed away (to my detriment) because I coudl see the obvious use case of it being used for illegal stuff, whichh it is. The authorities don't currently care. Bitcoin however is the means that enables ransomware. When someone decides this is a national security issue, Bitcoin is in for a bad time.
Telegram had (for the French at least) risen to the point where they considered it a serious enough issue to warrant their attention and the full force of the government may be brought to bear on it.
That would seem to be the key bit. Makes one wonder what level of cooperation is required to not be charged with a slew of the worst crimes imaginable. Is there a French law requiring that messaging providers give up encryption keys that he is known to be in violation of?
2000/31/EC[2], states that providers are generally not liable for the content they host IF they do not have actual knowledge of illegal activity or content AND upon obtaining such knowledge, they take action and remove and disable access to that content(telegram has been ignoring those). Service providers have no general obligation to monitor but they need to provide notice and take down mechanisms. Assuming that their statement are correct, and they had no idea, they should be in the clear. Telegram provides a notice and take down mechanism. But saying that there are channels with +500k subscribers filled with people celebrating a 4 year old girl with a blown off leg in Ukraine and no one has reported it in 2 and a half years after it was created is indeed naive.
[1] https://telegram.org/tos/eu
[2] https://eur-lex.europa.eu/eli/dir/2000/31/oj
Nor does it require a third party client. In fact, in this regard, Telegram official client is slightly better because they have reproducible builds for iOS, while Signal, last I checked, does not (they do have them for Android).
I’m not a fan of this arrest and I don’t believe service providers have a duty to contravene their security promises so as to monitor their users.
But it seems pretty obvious that governments find the monitoring that Google / Reddit / etc do acceptable, and do not find operation of unmonitorable services acceptable.
> do not find operation of unmonitorable services acceptable.
Sounds like something straight out of a dystopian surveillance state novel, very bad outlook if true.
Aside, warrant canaries have never been actually tested in court and the common consensus is that they wouldn't fly in reality if they were ever contested.
We have no way to know this, and (unlike Signal), Telegram doesn't give us best-effort assurances by doing things like open-sourcing its code.
Either way, you're saying the MTProto is binary? How do you mean that?
Pretending you misunderstand what I meant is detestable.
XMPP and Matrix services run open source software such as ejabberd
The integrity of your conversation with someone would then depend on both your endpoints, clients, and the respective server.
Just like email, but for chat. There is no single gatekeeper who is allowed to use the network.
> global network consists of servers run by many independent entities
This is not the case for all the popular chat apps including Signal which uses centralized servers which they run themselves. They clearly see little benefit from this distributed independent server model.
And even that doesn't mean the server is open source.
As I explained earlier if you cannot audit the physical server you are connected to, claiming it's open source is useless. FYI that's literally how the term open source was used in this context!
> The integrity of your conversation with someone would then depend on both your endpoints, clients, and the respective server.
Client to client verification simply works and eliminates the need to also "verify" the server which if compromised introduces an even higher risk of contamination in the trust model (too many co-dependent functions are delegated to the server), not to mention collusion in establishing integrity of yet another device that we need to trust.
An IM platform server can be open sourced. Just like any kind of software.
It's just a matter of publishing your code and, preferably making it possible to verify that the service your users are connecting to is build using the same published code.
Typically, the way it goes is that you implement e2ee such that even a fully compromised server cannot read the clients messages, publish the client's source code, and build it yourself or use reproducible builds. That ladt part is where you can criticize Signal. Whether they publish the server code is mostly irrelevant unless you want to run a separate messenger infrastructure.
Or if you S2S federate with the upstream server. Which is a core differentiator of XMPP and Matrix. Signal server(s) notably supported proper federation during their initial growth-phase but famously closed it off ("The ecosystem is moving").
Similar story as Google [Chat/Talk/Hangouts], which did federate over XMPP before they closed that down years ago.
https://github.com/signalapp/Signal-Server
Open client code and documented protoccols are much more important. If you can compile your own client from open source code and it works fine, then you can know for sure what you're sending to the server.
Well, other than his arrest ;-)
When an authoritarian govt is calling for the release of someone who runs a "private" messenger, it suggests they have a back door. Otherwise they tend to oppose all private messaging.
Most western countries do horrific things we do not find acceptable, but when we do find out we hand wave it away because they're the "good guys".
Good thing it’s legal to say so in the countries that dominate its user base.
It came very close to this during Covid, and maybe once or twice since then.
You're free to say what you want, and everyone is free to ignore you if what you say doesn't jive with "common sense".
https://x.com/moo9000/status/1827651335476461813
Well the embassy is complaining about this arrest, so maybe that's just counter-intelligence.
And then, he is also on Putin's wanted list; his arrest could one day turn him into a valuable bargaining chip.
It’s French national law, not EU (though the EU will copy for sure).
https://www.lawfaremedia.org/article/whats-going-frances-onl...
Also now they have added “because people watch football matches illegally on Telegram”. So they are going to throw everything at kitchen sink at Durov, probably also national security issues because anti-French political groups use Telegram in Africa.
https://x.com/ChrisO_wiki/status/1827767824858931319
Also it is still the investigative phase but the suspicion is warranted completely.
I seriously do not understand low moral people shielding those helping criminals, do you really not knowing what are you doing, seriously, just because there is a - misleadingly presented - popular service there? Really? Very worrying the moral state of social media user masses.
Well Tucker Carlson also said he used Signal and his messages were leaked by the government so yeah...
Additionally, they fulfilled requests made in Brazil, India, and Germany to name some I remember. Again, using the private user data they collect.
So what you fell for was just basic marketing (a CEO going on a TV program, as Tucker Carlson isn't even news) to market his app.
We'll have to wait and see, but I suspect some kind of more direct participation or explicit provable look-the-other-way at CSAM etc.
Not if the key is provided to the platform operators to confirm the contents. Otherwise yes anyone could claim any encrypted file contains illicit material and people would game that system.
For what it's worth the key may not need to be manually shared to the provider as referrers often leak where people learned about the file and that source location may also contain the key or password. All it takes is one person using a web interface or addon that leaks such information. Some addons break the referrer-policy header and many website operators don't even set the header [1] in the first place. Example header testing [2]. Please test the sites you visit and kindly ask the website operators to address any missing headers.
[1] - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...[2] - https://securityheaders.com/?q=https%3A%2F%2Fnews.ycombinato...
In principle, the police can tell if a song infringes copyright, or if a message spreads hate (I'm trying to sound American here). Or if a picture is really a "cheese pizza" or just a strange artistic depiction of youth. Not because the police don't know about music or TC/IP, or don't care about art or reading. Everyone knows they care. But because it is a legal problem.
In my country, let's call it a republic, at least it was a long time ago, even the state can own all your bases because you don't pay taxes, the police can only arrest you for six hours while they call the prosecutor to check that the 200 grams of white powder is what it is. They knew. They had already stolen the rest. If the forensics aren't quite sure what you're bringing them, it's the stuff that makes the stuff what the stuff is, you're free to go.
The prosecutor can make a case and send the 100 grams of white powder the same day, claiming that the stuff is the same stuff that other similar stuff is made of. He expresses his strong conviction. The judge then sends an arrest warrant to the police. You've been arrested, you have no money, the judge imposes some restrictions on you: you can't leave the country, you can't contact certain people, you have to go to court every week to sign a book. The investigation is open.
You have access to all the documents. Nothing happens without your approval and control.
This is how it works if SIA (yes, the singer) is not involved. If it is, you will be dead for a week and no one will ever find your body.
Because they let their users do it and benefited from it. Try doing the same thing as a bank :) Or a newspaper :)
Internet cannot be anarchy forever. Every anarchy ends up as oligarchy. It needs regulation and fast.
Rhetorical question: for what reason should a country be anything other than a hypocrite when it comes to situations such as this? Nations prioritize their own self-interests and that of their allies, even if that makes them appear hypocritical from an outside, or indeed, even an inside perspective. But that doesn't mean there's no legitimacy to what they do.
I think this is simplified. Certainly yes, if "all" Telegram was doing was operating a neutral/unmoderated anonymized chat service, then it's hard to see criminal culpability for the reasons you list.
But as people are pointing out, that doesn't seem to be technically correct. Telegram isn't completely anonymous, does have access to important customer data, and is widely suspected of complying with third party requests for that data for law enforcement and regulatory reasons.
So... IF they are doing that, and they're doing it in a non-neutral/non-anonymized way, then they're very plausibly subject to prosectution. Say, if you get a report of terrorist activity and provide data on the terrorists, then a month later get notified that your service is being used to distribute CSAM, and you refuse to cooperate, then it's not that far a reach to label you an accessory to the crime.
Because they crossed the line from common carrier to editor - an entirely different set of obligations.
Also, even such common carrier as telcos must abide to state injunctions against their users.
I'm not sure where this myth originated—perhaps from Kim Dotcom's Twitter account? I clearly remember the Megaupload case. They knew they were hosting pirated content, didn't delete it after requests[1], and shared money with the people who uploaded it because that was their business model.
1. https://www.forbes.com/sites/timworstall/2013/12/21/the-fasc...
https://xkcd.com/538/
Someone wants the service to stop, and has the influence to make it happen, the users are not a concern.
Now that Telegram is compromised, what's the next chat app people trust?
Are we 100% certain that this is only about Telegram? I want to see the allegations, not the vague charges, before pontificating about ISP liability. These charges might be more straightforwards.
That is why he's been lifted. Google et al will cooperate, even if that's by way of an onerous bureaucratic procedure involving MLATs.
https://www.justice.gov/opa/pr/justice-department-charges-le...
Granted, he's moved on to being a Kremlin propagandist and is now shilling anti-Semitism. See:
https://x.com/KimDotcom/status/1825187568834753021
(I have no idea what's going on with Durov, or how French and/or EU law works, except to say that legal analysis on HN tends sharply towards US norms, and people should remember that a lot of basic US legal norms, like the rules of evidence and against self-incrimination, do not generally apply in Europe.)
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.
The US narrative on Ukraine and Israel is getting weaker. Thorns like Kim Dotcom that has a big following, Telegram that is the only social platform to access the Russian side of the events, can break the US narrative.
It is ironic that the US screams Russia did a war crime in Bucha but Israel on Gaza is fine.
At least Kim Dotcom earings and the main utility of the service was indeed based on pirated content. Telegram is huge news/chat/etc app, where the things the mention as "enabling" as totally marginal and coincidental, more like arresting a property owner that owns half of the city because some people sold drugs in a few of the apartments.
A few decades ago, one of the factoids about USSR was that they required all typewriters to be registered with the state, with a sample page produced for every unit manufactured so that the state could track their use (this last bit is unlikely to be true, but was widely believed). That was supposed to be a case in point on why free societies are better, not an example to follow.
I was pointing out that the GP's strawman was really immaterial because HP don't get sued/arrested because they comply with law enforcement (at the expense of user privacy).
Since I know better than to use a printer in the commission of a crime, it doesn't really affect me, but I'm aware that the majority of users consider it a privacy violation.
A more comparable example, is France going to arrest someone who maintains a printer in an office and knows an employee is printing CSAM but doing nothing about it?
I hope they would, this is the boat Telegram is in.
Of course you can find both somewhere in the walled planetary garden of googlotron in facebooks sure. But they clamp down on it hard as they can. They clamp down on anything marginally offensive much less illegal. Have you tried the facebook "report post" interface? there are 3,000 various types of offensiveness you may report. That's their bar, their standard, that's 1,000 miles away from definitely illegal content. If their censorship apparatik is so bold as to be wiping out vast swaths of totally valid free speech, anything illegal has no chance.
If the question is "what's a great place to go for piracy" - megaupload, pirate bay, etc, then any common answer to that question is a target... "where to I go for data breaches" - breachforums, telegram, etc. Don't get worked up, all those places were destroyed by the feds and no longer exist.
And they love that it's not actual moderation.
Telegram has become a hotspot for CSAM to the point that it is pretty much inevitable that you're going to encounter someone peddling it just by browsing other channels.
Every country has their own definition of "illegal" content, but things like CSAM are illegal everywhere, and that's one area where Telegram never really bothered to take action.
The arrest warrant has been out for a while, so I doubt Durov got himself arrested by accident. He probably has a plan, or at least good lawyers.
Why do I bring that line of reasoning up? Because an actually exhaustive traversal of 2nd-6th order effects renders everyone complicit in something, especially in the presence of things criminalizing not looking for things.
You should never count yourself out of being a complicit party for something, and realize that if you're going to impose a penalty on a group you consider a "them"; it is likely only a matter of time invested enumerating your effects in the world to make evident something they did has been enabled by you. Even if only by you not making the choice to do something about them.
Bad things will happen. We can't prevent them all. And trying to zero any class of bad thing has so many onock on effects, that even the most trivial sounding solutions need be met with strictest scritiny to figure out what they will break.
He provided the platform.
I think we should have and open and decentralized version of this kind of "criminal" communication system.
We should show them what Streisand effect really means.
> • 5 hours ago
> Pavel Durov, Telegram founder, arrested by France following warrant - The Jerusalem Post
> The alleged offenses include: terrorism, narcotic supply, fraud, money laundering and receiving stolen goods.
For those unaware, all channel on telegram are NOT ENCRYPTED. They are stored in plaintext on telegram servers. All chats that are not 'secret chat' mode (single device to single device) are NOT ENCRYPTED (stored in plaintext on server).
This is not about encryption, it is about the plaintext data and the organized crime happening in these channels.
Signal group chats ARE ENCRYPTED by default. It is actually not possible to send an unencrypted message on signal. This will not pivot into an E2E issue, and will not affect signal which has set itself up to not store unencrypted content on it's servers.
EDIT: Also possibly this may be a factor in the decision to arrest:
> finance.yahoo.com
> • 2 weeks ago
> Telegram adds new ways for creators to earn money on its platform
> Today's announcement comes as Telegram reached 950 million active users last month, and aims to cross the 1 billion mark this year. Earlier this year, Telegram founder Pavel Durov said the company expects to hit profitability next year and is considering going public.
It stores it encrypted with encryption keys split across the globe.
Not perfect, but multiple legal jurisdictions would have to be subpoenad for Telegram to read your non-secret chats.
If that entity doesn't comply, governments will get upset and charge your executives with crimes if they get the chance.
Different jurisdictions makes it harder to kick down the doors and get the keys, but it doesn't change the fundamental problem.
"Nuh-uh, I put all those records in a box in Switzerland, you can't have them" does not work well for US citizens, unless the government fails to even notice the box.
Everything's effectively plaintext then.
Plaintext: refers to data that is transmitted or stored unencrypted. None of which Telegram does.
Data I send to a website over TLS is effectively plaintext on my computer and on the other side; in transit, it is not.
It all comes down to your threat model. Encryption does not protect information from entities who hold the keys to decrypt that information.
It's not. They use a split-key encryption system so it's not exactly the same as storing the keys where the data is.
> It all comes down to your threat model. Encryption does not protect information from entities who hold the keys to decrypt that information.
I agree, which is why I'll say that the bottom line is:
Are auditable E2EE algorithms stronger in security than cloud encryption? Yes. Is MTProto 2.0 Cloud Encryption plaintext? No.
Yes, again, it all comes down to your threat model. No one can kick down the door and get to the keys.
But Telegram can get to all the keys, and thus can be legally expected to. The data is effectively plaintext to Telegram.
> Is MTProto 2.0 Cloud Encryption plaintext? No.
Just to note: "effectively plaintext" has been in use for a couple of decades as a term of art. We don't say it's plaintext, because it's not. It means there's effectively no security properties lent by the encryption.
For example, my web browser encrypts a few passwords for me and stores them on disk, but doesn't need a cryptographic secret from me to decrypt them; they're effectively plaintext, because no one has to break any encryption to read them.
Indeed, here's a thread on HN from 2013, where Durov is participating, where people are using "effectively plaintext" in exactly this way to describe exactly what we're talking about: https://news.ycombinator.com/item?id=6937097
There was no discussion of whether it can be improved. I was just telling you that it meets the established understanding of the term "effectively plaintext," which you were seeming to disagree with.
Have a good rest of your day.
Yeah, I would still disagree because everything is effectively plaintext in the end. The only difference is how you derive the key. There are levels of encryption, that is true but I think calling an actual encryption as 'effectively plaintext' is wrong.
> Have a good rest of your day.
Thank you! You too :D
Telegram CEO has access to all keys and therefore all chats. Matrix foundation has no such access. These two examples should explain the difference between "effectively plaintext" and e2ee. The main difference is not how someone derives the key. It's who can do it.
Besides the protocol used by Telegram being publicly available so you can easily confirm in 5 minutes that what you're saying is completely wrong, but you're also saying that law enforcement can totally see all those plain text messages hosted by Telegram, yet they choose to be really upset about it anyway despite it being, according to you, the best possible honeypot ever created with all criminal activity readily available for their peruse. Why, I ask you, would law enforcement want to stop such an app??? They would be completely silent about it and enjoy catching all criminals in it who are "ignorantly" thinking their messages are safe, wouldn't they??
Given the amount of baseless comments like yours on this topic, I can only imagine there's a concerted effort here to misinform everyone to make Telegram look bad so actual criminals move away from it to some more law enforcement-friendly platform. I have conflicting feelings about that, as perhaps the intention is noble, but I can never agree with misleading people by spreading misinformation and plain lies.
We can see that's true, because when I add a new device I can get into all my group chats.
Only if I explicitly "Start secret chat" does something else happen.
Telegram is sitting on a lot of group chats where a lot of horrible things are happening that governments want to see... and gets upset when Telegram doesn't use this access to share that information in response to lawful orders.
> I can only imagine there's a concerted effort here to misinform everyone
Assume good faith-- it's in the guidelines. I have been here just as long as you. I am not part of some shadowy conspiracy to make people think that Telegram security is bad.
I feel like people just don't understand the term of art "effectively plaintext".
Alternatively, if you thought I was talking about secret chats in general-- note that we are in a subthread talking explicitly about channels and non-secret chats:
"For those unaware, all channel on telegram are NOT ENCRYPTED. They are stored in plaintext on telegram servers. All chats that are not 'secret chat' mode (single device to single device) are NOT ENCRYPTED (stored in plaintext on server)."
That's a position he knowingly and willingly maneuvered himself into. Compare that with e.g. the way Signal answers subpoenas: https://signal.org/bigbrother/
> Besides the protocol used by Telegram being publicly available so you can easily confirm in 5 minutes that what you're saying is completely wrong
There's absolutely no need to analyzse the protocol, since you can just perform a high-level mud puddle test [1], and Telegram fails it. I've tried this myself.
[1] https://blog.cryptographyengineering.com/2012/04/05/icloud-w...
RAM can be XOR'd with little latency with hardware acceleration with a key in a slightly - separated secure enclave that will degrade if upset too rapidly, similar to a virtual da Vinci cryptex.
radio/bluetooth/em/sensitive/proximity warning switches to unmount virtualized volumes all in a quasi-state-sanctioned-"contact center" in middle Ukraine.
They are trying their best to prevent the inevitable; the ungovernable, untaxable, uncensorable, un-surveillable commerce and communication platform that will eventually arise from the amalgamation of human's pesky technology and its crossroads with the human condition.
The hate for all things labeled "crypto" (convenient poising the well/doublespeak) was a (partially) government sigh op astro-fabri-exagerated to sway public opinion against anything "crypto" so that an ungovernable, decentralized, general trust-less computation protocol/escrow/rep using zkp+ and hormophic encryption was not able to be realized before the alfabit bois got a chance to mole into the development pipeline and backdoor the inevitable Merchanti Ultimatum; anything less would be a massive national security threat globally.
The physical storage location is completely irrelevant. What matters is access, and they have that.
Telegram has full operational control over these keys, as demonstrated by the fact that anyone that can perform SMS verification is able to access past messages on an account, and SMS-OTP can in principle not involve any cryptographic operation, as there is absolutely no user input.
Thats not how legal works.
for example if I am an EU based judge and I issue a warrant for getting data from a company in a case related to something important (your values may vary, but lets say its not about parking fines) then if your company wants to continue to operate in the EU, you need to pony up the data, or tell them why your can't comply, rather than won't
Having your data stored with keys that you control isn't an excuse.
Or they could just arrest the founder and make him give them the data + keys...
FYI, this is a totally misleading and false claim.
Telegram uses the MTProto 2.0 Cloud algorithm for non-secret chats[1][2].
In fact, it uses a split-key encryption system and the servers are all stored in multiple jurisdictions. So even Telegram employees can't decrypt the chats, because you'd need to compromise all the servers at the same time.
Telegram's algorithm has been independently audited multiple times. Compared to other apps like WhatsApp with claims of E2EE and no body of verification and validation.[3]
[1]: https://core.telegram.org/mtproto#general-description [2]: https://core.telegram.org/mtproto/AJiEAwIYFoAsBGJBjZwYoQIwFM... [3]: https://arxiv.org/pdf/2012.03141
I very much doubt that. If Durov wanted to, they could decrypt all of those messages.
That fancy encryption system is worthless when someone can hijack the session of any of the users in a chosen group. This is a risk in many crypto messengers, but those usually come with optional key verification whereas Telegram doesn't have that outside of encrypted one-on-one chats.
Along with that, you can use Telegram on as many devices as you want. The chats instantly appear after login. WhatsApp and Signal both are lacking here.
So there are always tradeoffs when it comes to encryption and convenience.
Telegram's focus has been on the convenience side and providing assurance using a clean record of protecting user-data from governments, which is why Telegram was created in the first place.
Can the encryption be improved? Of course yes! I'd love to! but I think much of the criticism by the WhatsApp loving crowd is not only disingenuous, but also harmful.
I agree, that is very convenient. Also for the secret police officer..
I use telegram as social media, but I really would not use it to organize protest somewhere. Then the whole safety depends on whether Durov made a deal with the secret police, or them infiltrating the servers to know everything about anyone involved. What they liked at what time, what pictures they shared, etc.
That's not a possibility. Split-key encryption doesn't allow such a thing to happen.
what do you mean? user sessions are remotely hijackeable?
We do have at least some empirical evidence that WhatsApp is properly encrypted. WhatsApp's cryptography has made judges in my country foam at the mouth with rage so hard they ordered retaliatory nation wide blocks of the service at least twice.
People are right to distrust Meta but I for one am glad that everyone I know is using WhatsApp. I also have Signal and Matrix but a grand total of zero people message me through those.
so do we. Telegram's MTProto 2.0 has been audited multiple times by independent researchers, compared to WhatsApp's closed-source claims of E2EE.
I'd rather trust a company with a proven track record of no security incidents and fight for user privacy than a corporation which lies through its teeth time and again.
This is however something completely different from and largely orthogonal to "Telegram does not have access to their users' message contents".
The fact that they are consistently claiming the former and the latter makes them seem extremely untrustworthy to me.
Gaining my trust requires truthfulness and transparencies about the capabilities and limits of a service provider's technology (but of course is in no way sufficient).
The point is moot anyway. Everyone in Brazil uses WhatsApp. They will not use anything else. I'd be ostracized if I refused to use it.
Oh wow, they need to get that checked, could be pulmonary edema.
It doesn’t include E2E encryption in the scheme only client to server.
Whether the server stores it as plaintext or not, is moot to the point of having telegram itself be able to see the chats because they hold the encryption keys of the server and therefore can be made to comply with legal requests.
The person you replied to may be incorrect on the aspect of plain text but imho they’re right that it’s not really relevant in this context.
Encrypted storage would be relevant for the case where a server is compromised by a hacker.
But the Arxiv paper says:
"We stress that peer clients never communicate directly: messages always go through a server, where they are stored to permit later retrieval by the recipient. Cloud chat messages are kept in clear text, while secret chat messages are encrypted with the peers’ session key, which should be unknown to the server."
So it doesn't appear to be encrypted-at-rest, but without reading the telegram documentation I can't verify that.
No, you seem to have have in fact fallen for Telegram's continuous intentional misinformation.
The only thing that matters for whether we can call something "encrypted" or "plaintext" (or more precisely, "end-to-end encrypted" vs. "storage encrypted at rest" or "encrypted in transit" etc.) is whether they, the service providers, can access it themselves.
Would you argue they can't? And if so, how come can I log in to my Telegram account using only SMS verification and access my old messages?
> Telegram uses the MTProto 2.0 Cloud algorithm for non-secret chats[1][2].
FYI you don't understand encryption and are spewing pristine BS.
Only p2p secret chats use e2e encryption and are invisible to Telegram employees.
Everything else is stored in plain text on Telegram servers.
The OP was correct and your counter argument is void and null.
I'd like to point out WhatsApp chats are also end-to-end encrypted, just like in Signal. People aren't wrong to distrust Meta but I'd like to point out that WhatsApp encryption often makes judges here seethe to the point they order nation wide blocks of WhatsApp out of spite. The fact everyone I know uses something this secure makes me very happy. It's not perfect but since network effects makes alternatives unusable I'll take what I can get.
It's basically a UX tradeoff: You can not promote default E2E + no autobackups -- people in mass are not ready to lose their data when losing the device. Nor they are ready to store the key separately in a confidential manner. Nor they are ready to manually transfer the key among different devices.
All this UX situation is defined by Moxie (the author of Signal and Whatsapp encryption) in his blog post about PGP/WoT concept meeting the reality https://moxie.org/2015/02/24/gpg-and-me.html
So in fact as the average user you have either: 1) E2E + unenctypted autobackup (Whatsapp) or 2) no e2e by default and separate e2e secret chats (Telegram) that are available only on a specific device.
In the first scenario all your chats inclusing the most sensitive are available by the law enforcement by issuing a warrant to your file storage provider. In the second scenario you potentially can spill some sensitive information in default non-encrypted chats.
What is worse? I don't know. But I use both Telegram and Whatsapp with backups turned off. So I'm losing all the Whatsapp chat history when using a new device while losing only secret chats In Telegram (not a problem for me since I delete them often manually or set a self-destruct timer anyway)
I get it. I'm a privacy and free and open source software enthusiast. It's not perfect. It certainly is better than alternatives though. We know for a fact that it pisses off judges and authorities. That's a major sign that its working. You should be concerned when they stop complaining about it, it means they got in.
Have you checked the source of Telegram? https://telegram.org/apps#source-code
Anyway, while it's possible to activate a Telegram account without a physical phone (using some temporary number services) or using an (relatively) anonymous SIM card 99% of users use it via Android or iOS and that's means there is no need to grab data from Telegram, USA gov. as well as Apple or Alphabet could simply milk them from their OSes, virtual keyboards and so on.
It's really cloying how many do focus on the service instead of weighting the ecosystem...
This seems like some heavy-handed government coercion.
If undercover agents come by, and discover that minors are purchasing alcohol - the business will get fined, and likely banned from selling alcohol for some time.
If I, the owner, continue to ignore authorities and flat out refuse to cooperate, and there are new busts - I would expect to face charges. The joint would likely get shut down, and I could be liable. If things are severe enough, I'll likely be investigated for running a criminal enterprise there.
Obviously there are differences in how things are regulated in the different countries - but in countries where the CEO assumes total responsibility, and the buck stops there - it would make sense that the CEO will get charged with those sort of things, if the company has not done enough to cooperate or moderate their product and users.
- All protests in support of Palestine banned https://www.politico.eu/article/france-gerald-darmanin-aims-...
- Head coverings banned
- Run a messaging app but the French state finds stuff on it that it disapproves of? You are a Terrorist
It's sad to see this backsliding in Europe.
The headscarf ban is part of all religious symbols in public areas like schools and hospitals.
False
> - Head coverings banned
Absolutely untrue.
You can consult these links if you want to read more about it:
https://core.telegram.org/mtproto/AJiEAwIYFoAsBGJBjZwYoQIwFM...
https://arxiv.org/pdf/2012.03141
https://github.com/miculan/telegram-mtproto2-verification
This is a Ukraine channel. You can preview it in a web browser. If Telegram can enable that functionality, then it means they have the complete capability to serve the content of the channel. Same story if they can scroll back an existing channel to new users.
You claim that only secret chats are encrypted in telegram, which is straight not true. You can pull up a link to public channel and everyone can preview the posts, that's obvious. You cannot do the same trick with group chats because they are private and encrypted using MTProto
The comparisons to other providers is off base because either other providers are cooperating more when they possess actionable, unencrypted information and taking steps to detect or prevent such recurrences or they are like Signal and do not have access to the underlying material in the first place or store it for very long anyway.
One cannot legally run a hosted, unmoderated content platform in the developed world, one will always be required to remove illegal materials and turn over materials in cooperation with law enforcement.
A lot more and a lot less than that. Arresting this CEO in France is largely a political decision, not a politically neutral enforcement action against the Telegram platform.
They don’t perform the same enforcement against other entities they could go after.
If Telegram breaks the law - which it does - it’s completely logical that the CEO is held accountable for that and is arrested
The real conspiracy theory is: Telegram have never made any attempt to either implement full E2E or to dissuade their users for using it for politically sensitive messages. Why not?
It's probably true. There are still no e2ee chats on desktop, which includes my smartpon running GNU/Linux.
https://news.ycombinator.com/item?id=25074959
https://sneak.berlin/20231005/apple-operating-system-surveil...
Could be something nefarious or could be because not doing things is easier than doing things. Why bother if the existing conditions are just fine (for Telegram)?
I sincerely doubt that Telegram makes most of it's money by being this kind of host. I don't generally give the government the benefit of the doubt when it comes to _communication_ platforms. I also see zero evidence that Telegram's existence or policies help promote or create crime in any way.
It's not conspiratorial to refuse to show deference to the government which currently only has vague accusations to justify jailing a CEO. If the French government was so concerned about the criminal aspect then they should just order Telegram to not operate in France or they should work to block it at a national level.
The problem, the reaction, and the solution are not at all aligned here. Why anyone would jump in to defend the government's actions is absolutely beyond me.
If they are charging him and intend to convict, they have specific accusations, unless the French legal system is much different than the rest of the western world.
> "If the French government was so concerned about the criminal aspect then they should just order Telegram to not operate in France or they should work to block it at a national level."
Many governments with anti-CSAM laws exercise universal jurisdiction in those statues (i.e. they will to prosecute anyone for those crimes regardless of where they were committed and regardless if the person in question is a citizen), that being said it isn't entirely relevant here since the defendant is a French citizen. I would fully expect a government with CSAM accusations to prosecute those involved in facilitating such not just "block" them.
It's worth noting that the person in question was just arrested, so the trial hasn't happened yet, and yes the government could be full of shit, that would presumably come out at trial as dropped charges or an acquittal.
Precisely. So the constant need for people to gatekeep in here and chastise other people for having a negative view of the French government's actions is, to me, absurd.
> and yes the government could be full of shit
Yes. That's the assertion based upon the balance of history and probability and the complete disconnect between these actions and actual law enforcement outcomes.
> that would presumably come out at trial as dropped charges or an acquittal.
That doesn't mean we can't have a discussion about it.
One thing I did find suspicious about Telegram was that accounts that are restricted for "spam" can create a new account and pay for a premium license to remove the restrictions on the new account. Seemed like a racket to me.
Just would like to clarify, Telegram does take down channels/bots in some cases including copyright infringement. The only bots I’ve dealt with were music downloaders so I don’t know much about other kinds of takedowns, but it’s wrong to say that telegram doesn’t/didn’t take down material. Perhaps not enough or frequently enough, and I certainly don’t condone immoral activities- but they do do it sometimes.
Which is why I don’t see why certain services should be legally penalized just because they don’t happen to be E2E encrypted. Like if Telegram was instead e2e encrypted, why should that be legal if what they were previously doing wasn’t?
1) On the technical side, Telegram groups operate more like a bulletin board, content is posted and can be fetched over and over again, a bulletin board owner can be compelled to remove material and if non-cooperating considered to be facilitating. Signal is more like a conversation in the town-square or a letter box of sealed envelopes. Once the content is fetched, it's gone. If signal is made aware that certain envelopes contain material that needs to be removed, I'm sure they would do so provided they still possess them.
2) On the non-technical side, many countries have crimes that are all about who knew what and when did they know it and could that have acted (or did they have a duty to do so). Facilitating, accessory, accessory after the fact call it what you will but that's more of a legal / philosophical argument to be had about the legal system in general rather than telegram specifically. A situation were telegram was made aware of illegal activity and was hosting said content in the clear and did nothing is manifestly different from a case where those facts did not exist, in most legal systems.
I also disagree with the characterization of the discussion as "wide ranging conspiracies"... voicing concern over a government arresting a major online platform that is well known for minimal censorship shouldn't be labeled as conspiracy theories.
In some cases, selective prosecution is itself a defense; but (as you allude to) that is a very high bar for the defense to clear.
That said, the defense can say whatever they want about what they perceive as selective prosecution... but how do they know? It's not like they would have more knowledge about the prosecution's thought process than the average conspiracy theorist?
> Parallel construction is a law enforcement process of building a parallel, or separate, evidentiary basis for a criminal investigation in order to limit disclosure as to the origins of an investigation.
1. https://en.wikipedia.org/wiki/Parallel_construction
The specific discussion was related to a "wait-and-see" attitude in regards to the motives of the justice system of France (not the motives of the alleged perpetrator). The suggestion was that if this was politically motivated then that motive would be revealed once the discovery process began. However, if the French legal systems wants to hide a political motivation then they can use parallel construction to hide their methods, thus obscuring their motives.
Also, I didn't "describe" anything. I pointed to a Wikipedia article that, in part, declares parallel construction as supported by the Supreme Court of the US. So, at least in US law, it is not at all an abuse of power but rather a totally valid approach that law enforcement can take to build a case against someone. The entire reason I even know the terms is because it showed up so often in the TV show Law & Order.
Well, it seems that this happens too in the free world. I thought it was only my shitty hole barely third world puppet state.
We are doomed.
Yet you've started your comment with a strong speculation on why
(and it's also a bit naive to presume such things are surfaced during trial)
> as that will presumably be surfaced during the trial itself
Supposedly, Telegram (and by definition of the french law, the CEO) did not respond to requests for takedown of harmful content (or not enough or faster?) from the the OFMIN. This triggered another investigation looking globally at how Telegram handle content moderation on the public part of Telegram (Channel) which lead to all others charges of complicity.
This is basically the CEO taking the fall because the (unreachable by french law) Telegram company is not on french soil and he made the mistake on landing here.
---
https://i.imgur.com/ixak5vq.png
>This reminds me of the entire plot to the last of the Bourne movies, Jason Bourne, where there is a scene of the head of some intel agency (Tommy Lee Jones) propositioned a social media founder to give them backdoor access or he would be killed. Great movie.
https://youtu.be/VvfSkVDF8uE
Fun Thread:
https://old.reddit.com/r/conspiracy/comments/1f0i2yi/guess_w...
Should you remove e.g blasphemy which is illegal in many countries including some of what I assume you call "developed world"?
Mere responding is evidently not enough, you need to cooperate.
> you might consider technical architectures that don’t leave you in direct custody and control of that content in the first place.
This rules out the "public channel" feature.
Essentially what you say boils down to a global publishing platform being impossible nowadays without random and contradictive censorship acts.
While this is probably true, I definitely don't share the "yeah throw him to jail" sentiment. On the contrary, I miss very much the truly global Internet of early 2000s. If this was possible back then, it must be, generally speaking, possible? Are we going to see anything like this again in our lifetimes?
Only if the request is coming from a country with a lot of power to effect its judgments internationally, or from a country you plan to personally visit. Whether or not you agree with it, ignoring legal requests from the US, China, and the EU (and debatably some other countries), isn't really an option in this day and age.
Until you wanted to visit a small country on vacation and forgot you ignored their court order 4 years ago.
Or you visit some random country and didn't check the extradition treaties they have with some other country you thought you'd never visit.
Or maybe new extradition treaties (yay!)
The sad conclusion I'm seeing in this story is: If you make an internet service, it's safer to just block off all the countries except the specific ones you're planning to operate in.
My answer wasn't intended to be dismissive, truly, the answer will be specific to ones legal situation and the jurisdictions they plan to operate in and are best answered specifically by competent counsel in those jurisdictions after considering ones specific facts. Asking if ones should comply with laws "anywhere in the world" is not a useful question by itself.
No HN comment is ever going into the same depth as the output of a hundred plus lawyers. But the parent points in the right general direction.
You just don't know. And so we do not even have a single local forum.
One can. I think you're confusing censored with moderated. Google, Facebook, Instagram, etc. aren't moderated. They're censored. They refuse to moderate or not moderate. Censorship is a form of moderation, but it itself isn't enough to be considered moderated. Censorship is enough to make it not unmoderated though.
That's a terribly simplistic take.
And no, there are other providers that also cooperated less (not that you have reliable data on that for such a certain claim that you can't compare)
They made a claim that Telegram are particularly unresponsive to legitimate requests from various law enforcement groups which as a statement goes isn’t particularly controversial.
You seemed to have implied that:
1. There is no way to know that.
2. “Others” cooperate even less.
Do you have inside knowledge or not?
It is so funny you put a “developed” there, as if this is an advantage compared to developing ones.
Do we know this for sure? What are the sources?
If that were true — then it surely would be less surprising, and even expected, but I would argue it's still bad: first because encryption would lead to the same result (as you point out) and second because what's illegal is often a matter of perspective: Telegram had content that was illegal in Russia, and didn't collaborate.